Changing Puppet Certificates

I recently had a requirement to change the certificate on a Puppet master. Initial thinking was that this was going to be a mammoth task involving updating each server in my environment. However, the master's certificate can be changed with no impact as long as it is issued by the same certificate authority.

The block below shows how to do this.


[[email protected] ~]# sudo service puppetmaster stop
[[email protected] ~]# sudo puppet cert -c puppet.poorlydocumented.co.uk
[[email protected] ~]# sudo puppet cert -g puppet.poorlydocumented.co.uk --dns_alt_names puppetdb.poorlydocumented.co.uk
[[email protected] ~]# sudo service puppetmaster start

If you are utilising PuppetDB in your environment, you will also need to update the SSL configuration.


[[email protected] ~]# sudo service puppetdb stop
[[email protected] ~]# sudo puppetdb ssl-setup -f
[[email protected] ~]# sudo service puppetdb start

This article is my 9th oldest. It is 124 words long