From fd4ef3c95cdd17cba69823593170f773e0daa092 Mon Sep 17 00:00:00 2001 From: lutter Date: Mon, 18 Sep 2006 10:45:14 +0000 Subject: Better documentation around certificate revocation and mgmt git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1619 980ebf18-57e1-0310-9a29-db15c13687c0 --- documentation/documentation/security.page | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'documentation') diff --git a/documentation/documentation/security.page b/documentation/documentation/security.page index 086a2572d..b27a4bee3 100644 --- a/documentation/documentation/security.page +++ b/documentation/documentation/security.page @@ -50,8 +50,16 @@ Prior to the 1.0 release it is expected that there will be email notification of certificate requests waiting to be signed, but for now either the logs must be watched or ``puppetca --list`` can be used list waiting requests. -Once a request arrives, ``puppetca --sign `` can be used to sign the -request. Adding the ``--all`` flag will sign all outstanding requests. +Once a request arrives, ``puppetca --sign `` can be used to sign +the request. Adding the ``--all`` flag will sign all outstanding +requests. A list of all certificates ever issued by Puppet's CA can be +found in the file ``$cadir/inventory.txt''. + +Certificates, once issued, can be revoked with ``puppetca --revoke +''. The server consults the certificate revocation list +(CRL) every time a client tries to connect to the server; for revocations +to take effect, the server must be restarted after the certificate +revocation with ``puppetca''. # Access and Authorization -- cgit
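Review bot: The added revocation paragraph reads as self-contradictory about when the CRL is read. It says the server "consults the certificate revocation list (CRL) every time a client tries to connect", and then that "the server must be restarted" for a revocation to take effect. Please say which one holds. If the CRL is only picked up at server start, state that directly, along with the consequence an administrator needs to know: a certificate revoked with puppetca --revoke is still accepted until the restart, so the restart is a required step of the revocation procedure and not an optional follow-up. Separately, three inline literals in the added lines open with double backticks but close with two apostrophes (``$cadir/inventory.txt'', the --revoke command, and the final ``puppetca''), unlike ``--all`` and ``puppetca --list`` elsewhere in the file. Close them with double backticks so they render as literals.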