Unable to sign the SSL certificate for the puppet client in the satellite webUI
Environment
- Red Hat Satellite 6
Issue
- After installing and configuring the puppet agent, I cannot see the SSL certificate for the puppet client through the Red Hat Satellite server web interface to sign it.
Resolution
- On the puppet client, remove the existing certificate data.
  # rm -rf /var/lib/puppet/ssl/
- On the satellite server, clean out the revoked certificate.
  # puppet cert clean <clientFQDN>
- Once this has been completed, generate a new certificate request on the puppet client.
  # puppet agent -tv
- Access the satellite web UI and sign the newly generated certificate.
  - Click on Infrastructure > Capsules > Click on the satellite name > Click on Puppet CA tab > Click on Certificates tab
  - Click sign on the right for the correct puppet client system under Actions
For more KB articles/solutions related to Red Hat Satellite 6.x Puppet Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Puppet Issues
Root Cause
- The original certificate had been revoked, which caused the puppet client to show in the satellite web UI only if the "revoked" filter was applied.
Diagnostic Steps
- In the satellite web UI:
  - Click on Infrastructure > Capsules > Click on the satellite name > Click on Puppet CA tab > Click on Certificates tab
  - On the next screen, the puppet client was not showing in the list even though /var/log/messages on the client showed the certificate request was successfully sent to the satellite
  - Click the drop down box next to "Filter by state:" and choose revoked
  - This is where the original system certificate is showing.
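
The same diagnosis can be made from the command line on the satellite server. The following is an added example, not part of the original solution: it classifies a client's entry in `puppet cert list --all` output so a revoked certificate is spotted before the client is cleaned and re-registered. The function name `cert_state` is hypothetical, the line format described in the comments is an assumption about the Puppet CA output, and the sample listing is constructed.

```shell
#!/bin/sh
# Classify a client's certificate state from `puppet cert list --all` output.
# Assumed line format of the listing:
#   + "fqdn" (SHA256) ..                        signed
#   - "fqdn" (SHA256) .. (certificate revoked)  revoked
#     "fqdn" (SHA256) ..                        pending request
cert_state() {
    # $1 = client FQDN; the listing is read from stdin
    awk -v host="$1" '
        BEGIN { state = "absent" }
        {
            # Match the quoted name literally so web1 does not match web10
            if (index($0, "\"" host "\"") == 0) next
            if ($0 ~ /^-/ && $0 ~ /revoked/)   s = "revoked"
            else if ($0 ~ /^\+/)                s = "signed"
            else if ($0 ~ /^-/)                 s = "invalid"
            else                                s = "pending"
            # A revoked entry wins: it is the state that needs `puppet cert clean`
            if (state != "revoked") state = s
        }
        END { print state }
    '
}

# Constructed sample listing (fingerprints are placeholders)
SAMPLE='  "new.example.com" (SHA256) AA:BB:CC
+ "web1.example.com" (SHA256) 11:22:33
- "client.example.com" (SHA256) 44:55:66 (certificate revoked)'

# On a live satellite server: puppet cert list --all | cert_state <clientFQDN>
printf '%s\n' "$SAMPLE" | cert_state client.example.com
```

A result of `revoked` corresponds to the case in Root Cause, where the client appears in the web UI only under the "revoked" filter.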
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.