Revocar certificados de un cliente

Miguel Coa M. -

1. Vamos los nodos

[root@master]# puppet cert --list --all 
+ "mailcleaner.example.com" (SHA256) CA:68:2C:FA:98:86:E7:95:83:D2:23:CA:FA:5B:FD:CB:F4:A1:66:8B:08:AF:1F:6B:81:64:EB:DA:C5:BF:98:47
+ "master.example.com" (SHA256) 6A:3C:AD:07:82:77:16:63:4C:81:F1:E8:E9:9A:28:F8:22:F1:DB:AB:3E:E0:A8:85:57:A9:F7:F5:9E:3B:05:B2
+ "nodo1.example.com" (SHA256) D6:16:41:EA:49:87:0E:E9:8F:0C:D7:41:98:F4:ED:56:7F:F9:47:D5:07:53:EB:C4:33:D6:93:B3:E2:ED:48:DE
+ "puppet.example.com" (SHA256) 7B:08:BD:49:FD:09:54:E5:F7:50:79:C9:05:C2:4F:94:EA:D3:B1:7F:A5:9F:9E:A7:F0:E7:CA:28:54:F9:0E:2A

2. Revocamos el certificado

[root@master]# puppet cert --revoke nodo1.example.com puppet.example.com
Revoked certificate with serial 3
Revoked certificate with serial 2

[root@master]# puppet cert --clean nodo1.example.com puppet.example.com
Revoked certificate with serial 3
Revoked certificate with serial 2

3. Reiniciamos el servicio puppet

[root@master]# /etc/init.d/puppetmaster restart
Stopping puppetmaster: [ OK ]
Starting puppetmaster: [ OK ]

4. Listamos los certificados validos y aceptados

[root@master]# puppet cert --list --all 
+ "mailcleaner.example.com" (SHA256) CA:68:2C:FA:98:86:E7:95:83:D2:23:CA:FA:5B:FD:CB:F4:A1:66:8B:08:AF:1F:6B:81:64:EB:DA:C5:BF:98:47
+ "master.example.com" (SHA256) 6A:3C:AD:07:82:77:16:63:4C:81:F1:E8:E9:9A:28:F8:22:F1:DB:AB:3E:E0:A8:85:57:A9:F7:F5:9E:3B:05:B2
¿Tiene más preguntas? Enviar una solicitud

0 Comentarios

Inicie sesión para dejar un comentario.
Tecnología de Zendesk