This video gives you a basic introduction to certificates and explains how they’re used to secure Puppet communications.
Certificates help to provide secure connections between different parts of your infrastructure as those parts communicate with each other.
When you run the agent for the first time, it submits a CSR (Certificate Signing Request) to the primary server. Then the CSR is reviewed by the Puppet administrator and either accepted or denied.
Revoked or invalid certificates are placed on the CRL (certificate revocation list).