Setting up Puppet certificates

Run in your Puppet agent to generate a certificate for the Puppet Server to sign:

# puppet agent -t

Note

You will see a message like this: Exiting; no certificate found and waitforcert is disabled

Log into to your Puppet Server, and list the certificates that need approval:

# puppet cert list

It should output a list with your node’s hostname.

Approve the certificate, replacing hostname.example.com with your agent's node name:

# puppet cert sign hostname.example.com

Back on the Puppet agent node, run the puppet agent again:

# puppet agent -t

Note

Remember that private network DNS is a prerequisite for a successful certificate signing.