9.1.11.7. Public Key Infrastructure

Puppet has its own public key infrastructure (PKI) that is used exclusively for the puppet application. The PKI is used to provide access control and protect communications between the Puppet Server and the clients.

Additional information on Puppet and PKI can be found in the product documentation.

SIMP installs a scheduled job that will download a copy of the certificate revocation list (CRL) two times per day. If a client certificate needs to be revoked, it can be added to the CRL, and that client will no longer be able to connect to the Puppet Server.
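Because the CRL copy is refreshed only twice per day, it can lag behind the CA's list after a revocation. The following added example (not SIMP or Puppet code) compares two CRLs rendered with `openssl crl -noout -text` and reports revoked serials missing from the downloaded copy; the sample text, issuer name and function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed `openssl crl -noout -text` output (not from a real CA).
CA_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Issuer: CN = Puppet CA: puppet.example.test
        Last Update: Mar  1 09:30:00 2024 GMT
        Next Update: Feb 28 09:30:00 2029 GMT
Revoked Certificates:
    Serial Number: 05
        Revocation Date: Feb 29 17:42:10 2024 GMT
    Serial Number: 0A1F
        Revocation Date: Mar  1 09:30:00 2024 GMT
"""
LOCAL_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Issuer: CN = Puppet CA: puppet.example.test
        Last Update: Feb 29 17:42:10 2024 GMT
        Next Update: Feb 27 17:42:10 2029 GMT
Revoked Certificates:
    Serial Number: 05
        Revocation Date: Feb 29 17:42:10 2024 GMT
"""


def parse_crl_text(text):
    """Return (last_update, revoked serials as a set of ints)."""
    match = re.search(r"Last Update:\s*(.+)", text)
    if match is None:
        raise ValueError("no 'Last Update' field; not openssl CRL text")
    # openssl pads single-digit days with a space; collapse before parsing.
    stamp = " ".join(match.group(1).split())
    last_update = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
    # An empty CRL prints "No Revoked Certificates." and yields an empty set.
    serials = re.findall(r"Serial Number:\s*([0-9A-Fa-f]+)", text)
    return last_update.replace(tzinfo=timezone.utc), {int(s, 16) for s in serials}


def crl_lag(ca_text, local_text):
    """Compare the CA's CRL with a downloaded copy and report what is missing."""
    ca_time, ca_serials = parse_crl_text(ca_text)
    local_time, local_serials = parse_crl_text(local_text)
    return {
        "behind": local_time < ca_time,
        "missing": sorted(format(s, "X") for s in ca_serials - local_serials),
    }


if __name__ == "__main__":
    print(crl_lag(CA_CRL_TEXT, LOCAL_CRL_TEXT))
```

A non-empty `missing` list means those certificates are revoked at the CA but not yet in the downloaded copy.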

References: SC-17 : PUBLIC KEY INFRASTRUCTURE CERTIFICATES