Setting up Puppet certificates

To generate and sign a certificate, follow the next steps:

On the Puppet agent, run this command to generate an empty certificate:
```
# puppet agent -t
```
On the Puppet server side, list the current certificates that need approval:
```
# puppetserver ca list
```
It should output a list with your node hostname.
Approve the certificate, replacing pending-agent-node with your agent’s node name:
```
# puppetserver ca sign --certname pending-agent-node
```
All certificates can be approved with this:
```
# puppetserver ca sign --all
```
Back on the Puppet agent node, run in the puppet agent again:
```
# puppet agent -t
```

Note

Remember that private network DNS is a prerequisite for a successful certificate signing.