Setting up Puppet certificates
To generate and sign a certificate, follow the next steps:
- On the Puppet agent, run this command to generate an empty certificate: - # puppet agent -t 
- On the Puppet server side, list the current certificates that need approval: - # puppetserver ca list - It should output a list with your node hostname. 
- Approve the certificate, replacing - pending-agent-nodewith your agent’s node name:- # puppetserver ca sign --certname pending-agent-node - All certificates can be approved with this: - # puppetserver ca sign --all 
- Back on the Puppet agent node, run in the puppet agent again: - # puppet agent -t 
Note
Remember that private network DNS is a prerequisite for a successful certificate signing.