Certificate Clean

We've updated our documentation to remove harmful terminology.
Sections

The certificate clean endpoint of the CA API allows you to revoke and delete a list of certificates with a single request.

PUT /puppet-ca/v1/clean
Content-Type: application/json

The request body takes one required key — certnames. This includes the list of certificates for the endpoint to clean. Each certificate in the list is revoked, and the associated certificate file deleted from the CA.

If a certname does not have an associated signed cert on the CA, the response body calls this out, but the request does not error.

Example

In the following example, both certs are revoked and their files deleted.

PUT /puppet-ca/v1/clean
Content-Type: application/json
Content-Length: 58

{"certnames":["agent1.example.net","agent2.example.net"]}

HTTP/1.1 200 OK
Context-Type: text/plain
Successfully cleaned all certificates.

In the following example, the missing certificate is skipped, and the other is revoked and deleted.

PUT /puppet-ca/v1/clean
Content-Type: application/json
Content-Length: 58

{"certnames":["missing.example.net","agent1.example.net"]}

HTTP/1.1 200 OK
Context-Type: text/plain
The following certs do not exist and cannot be revoked: ["missing.example.net"]
How helpful was this page?

If you leave us your email, we may contact you regarding your feedback. For more information on how Puppet uses your personal information, see our privacy policy.

Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.