Puppet Server: Puppet HTTP API: Certificate Clean
Certificate Clean
The certificate clean
endpoint of the CA API allows the user to revoke and delete a list
of certificates with a single request.
PUT /puppet-ca/v1/clean
Content-Type: application/json
The body takes one required key, certnames
, a list of certificates to clean. Each cert
in the list will be revoked, then the associated certficate file will be deleted from the CA.
If a given certname does not have an associated signed cert on the CA, the response body will call this out, but the request will not error.
Example
PUT /puppet-ca/v1/clean
Content-Type: application/json
Content-Length: 58
{"certnames":["agent1.example.net","agent2.example.net"]}
HTTP/1.1 200 OK
Context-Type: text/plain
Successfully cleaned all certificates.
Both certs will be revoked, then have their files deleted.
PUT /puppet-ca/v1/clean
Content-Type: application/json
Content-Length: 58
{"certnames":["missing.example.net","agent1.example.net"]}
HTTP/1.1 200 OK
Context-Type: text/plain
The following certs do not exist and cannot be revoked: ["missing.example.net"]
The missing cert is skipped, the other is revoked and deleted.