Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-1916

puppet cert clean cannot remove signing requests

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: PUP 3.4.2, PUP 3.4.3, PUP 3.6.2, PUP 3.7.3, PUP 3.7.5, PUP 4.10.6, PUP 5.0.1
    • Fix Version/s: PUP 4.10.11, PUP 5.3.5, PUP 5.4.0
    • Component/s: None
    • Environment:

      Puppet on CentOS 6 (via puppetlabs repo), Puppet on Debian7 (via puppetlabs repo)

    • Template:
    • Team:
      Platform Core
    • Sub-team:
    • Sprint:
      Platform Core KANBAN
    • CS Priority:
      Major
    • CS Frequency:
      4 - 50-90% of Customers
    • CS Severity:
      2 - Annoyance
    • CS Business Value:
      5 - $$$$$$
    • CS Impact:
      Hide
      We suspect that many users have run into this based on the number of watchers and the age of this ticket. There are workarounds to sign the CSR and then clean the resulting cert but it would be much cleaner and less frustrating to allow deletion/rejection/whatever of the CSR.
      Show
      We suspect that many users have run into this based on the number of watchers and the age of this ticket. There are workarounds to sign the CSR and then clean the resulting cert but it would be much cleaner and less frustrating to allow deletion/rejection/whatever of the CSR.
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Fixed a bug where running `puppet cert clean` would fail to clean a certificate signing request because it would try to revoke the cert. `puppet cert clean` can now correctly clean certificate signing requests.
    • QA Risk Assessment:
      No Action
    • QA Risk Assessment Reason:
      unit tests added to cover change

      Description

      I have a certificate signing request that I would like to get rid of with "puppet cert". However, I can only list and sign CSRs.

      Here's my log:
      [root@operations ~]# puppet --version
      3.4.2
      [root@operations ~]# puppet cert list | grep local
      "localhost.localdomain" (MD5) 12:5E:40:6B:79:84:6F:9C:51:7B:40:81:30:30:8B:F5
      [root@operations ~]# puppet cert clean localhost.localdomain
      Error: Could not find a serial number for localhost.localdomain

      A thread at puppet-users suggests this worked before, but is now broken:
      https://groups.google.com/forum/#!topic/puppet-users/gmIFG108aw0

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  eric.delaney Eric Delaney
                  Reporter:
                  rbu Robert Buchholz
                • Votes:
                  19 Vote for this issue
                  Watchers:
                  30 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Zendesk Support