Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-1233

"Puppet cert list --all" output is confusing when a certificate has been cleaned and a new certificate has been signed

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Cannot Reproduce
    • None
    • None
    • Networking

    Description

      When signing a certificate for a host, and subsequently cleaning it, if you then sign a new certificate for the same host, the output of "puppet cert list --all" will be:

      • [host] ([fingerprint]) (certificate revoked)

      So, according to this listing, the host appears to have its certificate revoked when, in fact, it's the OLD certificate that was revoked.

      It would be good to rework the output so that it shows something similar to:

      • [host] ([fingerprint]) (certificate revoked)
      • [host] ([fingerprint]) (certificate revoked)
        ...
      • [host] ([fingerprint]) (certificate revoked)
        + [host] ([fingerprint])

      That way you can see all revoked certificates and the current signed certificate for the host. I can see that the listing could potentially get very long, so perhaps maybe just show the last revoked certificate? Your thoughts?

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              redmine.exporter redmine.exporter
              Erik Dasher Erik Dasher
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support