I'm trying to use the Puppet API in our monitoring to check for and alert on any unsigned certificates that might be waiting in Puppet.
As per http://docs.puppetlabs.com/guides/rest_api.html#certificate-status I should be able to use something like:
curl --cert /var/lib/puppet/ssl/certs/sql2.ourcompany.com.pem --key /var/lib/puppet/ssl/private_keys/sql2.ourcompany.com.pem --cacert /var/lib/puppet/ssl/certs/ca.pem -H 'Accept: pson' https://puppet.ourcompanyhosting.co.uk:8140/production/certificate_statuses/no_key
However that errors:
Forbidden request:
sql2.ourcompany.com(xx.xxx.xxx.xx) access to /certificate_status/no_key [search] authenticated at :119
As far as I can see, I should only be getting this response if I am not providing the required SSL certs. However, as this is not the case, I am at a loss.
Any ideas what is causing the issue? If this information can be pruned from PuppetDB instead I'd be happy to use that instead as we already have a PuppetDB instance running (I had a look through the PuppetDB API and could not see anything that did this).