Revocation of the host certificate

Problem:
Good afternoon. Please tell me how you can centrally revoke the certificates of several hosts. Maybe there is some kind of command? Revoking via the web one by one is not at all convenient.
Expected outcome:
removed several unnecessary certificates
Foreman and Proxy versions:
2.4
Foreman and Proxy plugin versions:

Distribution and version:

Other relevant data:

I have the same problem. Time to reimage like a hundred machines and I need to revoke all their certificates.

this is the command:
puppetserver ca clean --certname HOSTNAME

So I will probably just end up making an Excel file to create 100 commands and just copy/paste them into Foreman… sucks that you can't select multiple certificates in the GUI at the same time to do this.

1.) Get a list of the machines you want to revoke in the Foreman GUI. You can get them by selecting a group or whatever. Click the button that says “export to excel”.

2.) Open the Excel document. Delete everything but the hostnames. Create a second column and put in just the following (no quotes) "puppetserver ca clean --certname ". Fill down the column so that every host field has this next to it.

3.) Create a third column. Make the value =A2 & B2 . Fill that downward as well. You should now have all the commands in the third column.

4.) Copy and paste those commands to a new text document. Call it “something.sh”. On the first line of the text file, write the text “#! /bin/bash” (no quotes). This tells the file to run as a script.

5.) Upload the file to Foreman. I am using FTP and putting them in the /scripts directory.

6.) Open a command line to Foreman. Go to the scripts directory. Use the command “chmod u+x something.sh” to allow the file to be run.

7.) Run the file: ./something.sh

8.) You should see the certificates start to revoke one by one.

9.) Pick one of the entries and verify that the command did work using the GUI (Infrastructure → Smart Proxies → Puppet CA → Certificates).

10.) Repeat for the next batch of machines.

1 Like
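
The same batch revocation can be driven straight from a plain host list instead of building the commands in a spreadsheet. The script below is an added example, not code from the thread: it assumes a file with one certname per line (`hosts.txt` is a hypothetical name), and `DRY_RUN`, `valid_certname` and `clean_hosts` are the script's own names. It validates each name before it reaches the command line and only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example, not from the thread. hosts.txt and DRY_RUN are this script's own names.
LC_ALL=C; export LC_ALL   # make a-z in the patterns below mean ASCII only

# Accept only DNS-style names, so a stray spreadsheet cell such as
# "host; something" never reaches the command line.
valid_certname() {
    case $1 in
        ''|*[!a-z0-9.-]*|.*|-*|*.|*-|*..*) return 1 ;;
    esac
    return 0
}

# clean_hosts FILE: one "puppetserver ca clean" per line of FILE.
# DRY_RUN defaults to 1 (print only); set DRY_RUN=0 to revoke for real.
# Returns 1 if any line was rejected or any clean failed.
clean_hosts() {
    ch_rc=0
    while IFS= read -r ch_host || [ -n "$ch_host" ]; do
        # Excel/Windows exports end lines with CR; Puppet certnames are lowercase.
        ch_host=$(printf '%s' "$ch_host" | tr -d '\r' | tr '[:upper:]' '[:lower:]')
        case $ch_host in ''|'#'*) continue ;; esac
        if ! valid_certname "$ch_host"; then
            echo "SKIP (not a valid certname): $ch_host" >&2
            ch_rc=1
            continue
        fi
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "puppetserver ca clean --certname $ch_host"
        # </dev/null keeps the command from swallowing the rest of the host list
        elif ! puppetserver ca clean --certname "$ch_host" </dev/null; then
            echo "FAILED: $ch_host" >&2
            ch_rc=1
        fi
    done < "$1"
    return "$ch_rc"
}

# Run only when a host file is given: ./clean_hosts.sh hosts.txt
if [ "$#" -ge 1 ]; then
    clean_hosts "$1"
fi
```

Review the dry-run output first, then rerun with `DRY_RUN=0` on the Puppet CA host; a non-zero exit status means at least one line was skipped or failed.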