During the first Puppet run on a newly installed node, puppet agent --test creates a certificate-signing request (CSR) that now shows up as "unsigned" on the primary Puppet Server. You want to approve only that request so the node can download its initial catalog. Which single command should you run on the Puppet Server to sign the CSR according to current Puppet best practices?
Modern Puppet (version 6 and later) performs all certificate-authority tasks with the puppetserver ca sub-command. The sign action, combined with --certname, signs exactly the specified CSR and leaves any others untouched. The deprecated puppet cert sign command was removed starting with Puppet 6, so it will either be missing or redirect you to the new tool. puppetserver ca list only lists pending CSRs and makes no changes, while the OpenSSL command shown would bypass Puppet's built-in CA and therefore would not register the certificate in Puppet's inventory or allow catalog retrieval. Thus the only correct choice is the puppetserver ca sign command with the node's certname.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a certificate-signing request (CSR) in Puppet?
Open an interactive chat with Bash
Why was `puppet cert sign` deprecated in Puppet 6?
Open an interactive chat with Bash
What happens if you use OpenSSL to manually sign a CSR instead of Puppet’s CA?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Automation, Orchestration, and Scripting
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access