Hello our Netwitness infrastructure is getting quite old and was installed over 5 years ago.
As a result the Puppet CA certificate and all the agent certificates are due to expire in about 2 months time.
When running puppet agent -t I get the error:
Info: Loading facts
Info: Retrieving pluginfacts
Warning: Certificate 'Puppet CA: 7e76ca89-a38d-4759-a5ad-cbabdd122b4a' will expire on 2019-11-16T13:53:56GMT
Warning: Certificate '7e76ca89-a38d-4759-a5ad-cbabdd122b4a' will expire on 2019-11-16T13:53:57GMT
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for 7e76ca89-a38d-4759-a5ad-cbabdd122b4a
Info: Applying configuration version '1569293923'
Similar messages are seen on all the devices in our Netwitness infrastructure.
What are the steps needed to renew the CA and the agent certificates?
Note: I am aware that 10.6.6.1 is end of life in October, but it is still currently supported . Thanks for your help.
Hi James,
I followed the steps at:
https://arrfab.net/posts/2019/Apr/29/renewextend-puppet-capuppetmasterd-certs/
as recommended and this replaced the CA Certificate.
I then had to replace the puppet agent certificate on the same server.
I replaced this with
puppet cert clean <node_id>
followed by deleting the existing client certificate under /var/lib/puppet/ssl/certs/
I then reran puppet agent -t
Which generated a new certificate
I then ran puppet cert sign --all
This then got everything working.
It looks like it was just the SA Server and CA that had a certificate running out. The others are good until 2022 so I can live with that.
Thanks for your help.