Regenerate infrastructure certificates
Regenerating certificates and security credentials—both private and public keys—created by the built-in PE certificate authority can help ensure the security of your installation in certain cases.
The process for regenerating certificates varies depending on your goal.
If your goal is to... | Do this... |
---|---|
Upgrade to the intermediate certificate architecture introduced in Puppet 6.0. | Complete these tasks in order: |
Fix a compromised or damaged certificate authority. | |
Fix a compromised compiler certificate or troubleshoot SSL errors on compilers. | Regenerate compiler certificates |
Fix a compromised agent certificate or troubleshoot SSL errors on agent nodes. | Regenerate agent certificates |
Specify a new DNS alt name or other trusted data. | Regenerate primary server certificates |
To support recovery, backups of your certificates are saved and the location
of the backup directory is output to the console. If the command fails after
deleting the certificates, you can restore your certificates with the contents
of this backup directory.