...
Code Block |
---|
... { # Allow the CA CLI to access the certificate_status endpoint match-request: { path: "/puppet-ca/v1/certificate_status" type: path method: [get, put, delete] } allow: { extensions: { pp_cli_auth: "true" } } allow: PUPPETCA-FQDN sort-order: 500 name: "puppetlabs cert status" }, ... { # Allow the CA CLI to access the certificate_statuses endpoint match-request: { path: "/puppet-ca/v1/certificate_statuses" type: path method: get } allow: { extensions: { pp_cli_auth: "true" } } allow: PUPPETCA-FQDN sort-order: 500 name: "puppetlabs cert statuses" }, ... |
Also ensure there is something like this in /etc/hosts. It won't work with only the localhost definitions
Code Block |
---|
<ip-address> PUPPETCA-FQDN |
After restarting the puppetserver service you should be able to use commands like "puppetserver ca list --all
".
...