Regenerate the SAML certificate
By default, the SAML certificate expires every 824 days. Regenerate the certificate when it is nearing or past expiration.
/opt/puppetlabs/puppet/bin/openssl x509 -in /etc/puppetlabs/puppet/ssl/certs/saml-cert.pem -noout -startdate -enddate
To generate a new SAML certificate, remove the existing certificate. After you remove the existing certificate, a new one is generated automatically on the next Puppet run.
Remove the existing SAML certificate.
On the primary server, run both these commands:
puppet ssl clean --certname saml-cert puppetserver ca clean --certname saml-cert
Run Puppet to generate a new certificate.
On the primary server, run:
Alternatively, you can wait for the next Puppet run.
puppet agent -t