Hi Matt

> Concatenating their intermediate and the root CA into one pem and
> referencing that in /etc/puppetlabs/puppet/foreman.yaml for :ssl_ca: fixed
> the problem.

Can you explain how you did this? It should be obvious, but I'm not having any luck making it work.

On Tuesday, July 11, 2017 at 6:27:16 AM UTC-4, Matt Cahill wrote:
>
> I did eventually get this working.
>
> https://theforeman.org/2015/11/foreman-ssl.html
> https://alexshepherd.me/articles/changing-foremans-ssl-certificate
>
> The specific problem I had all along was that I was supplied an
> intermediate cert chain without the root CA (as mentioned by alex shepherd).
> Concatenating their intermediate and the root CA into one pem and
> referencing that in /etc/puppetlabs/puppet/foreman.yaml for :ssl_ca:
> fixed the problem.
>
> Installing via puppet:
>
> foreman::ssl: true
> puppet::server_foreman_ssl_ca: '/etc/pki/tls/certs/cachain_with_root.pem'
> puppet::server_foreman_url: 'https://puppet.example.com'
> foreman::server_ssl_key: '/etc/pki/tls/private/puppet.example.com.key'
> foreman::server_ssl_cert: '/etc/pki/tls/certs/puppet.example.com.crt'
> foreman::server_ssl_chain: '/etc/pki/tls/certs/cachain_with_root.pem'
> foreman::servername: 'puppet.example.com'
> foreman::foreman_url: 'https://puppet.example.com'
> foreman::websockets_ssl_key: '/etc/pki/tls/private/puppet.example.key'
> foreman::websockets_ssl_cert: '/etc/pki/tls/certs/puppet.example.crt'
>
> or with foreman-installer options
>
> foreman-installer --foreman-ssl \
>   --puppet-server-foreman-ssl-ca '/etc/pki/tls/certs/cachain_with_root.pem' \
>   --puppet-server-foreman-url 'https://puppet.example.com' \
>   --foreman-server-ssl-key '/etc/pki/tls/private/puppet.example.com.key' \
>   --foreman-server-ssl-cert '/etc/pki/tls/certs/puppet.example.com.crt' \
>   --foreman-server-ssl-chain '/etc/pki/tls/certs/cachain_with_root.pem' \
>   --foreman-servername 'puppet.example.com' \
>   --foreman-foreman-url 'https://puppet.example.com' \
>   --foreman-websockets-ssl-key '/etc/pki/tls/private/puppet.example.key' \
>   --foreman-websockets-ssl-cert '/etc/pki/tls/certs/puppet.example.crt'
>
> cheers
>
> Matt
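The concatenation step discussed in this thread, as an added example that is not part of any poster's message: it builds a throwaway root, intermediate and server certificate with the openssl CLI (a constructed demo PKI; every file name except `cachain_with_root.pem` and `puppet.example.com.crt` is made up) and shows that OpenSSL's default verification rejects a CA file holding only the intermediate but accepts the intermediate-plus-root bundle.

```shell
#!/bin/sh
# Added example: constructed demo PKI, not real Foreman or Puppet certificates.

# Build the CA file as described in the thread: intermediate first, then root.
build_bundle() {  # usage: build_bundle INTERMEDIATE ROOT OUT
  cat "$1" "$2" > "$3"
}

# Return 0 only if CERT chains up to a self-signed root present in CAFILE.
chain_verifies() {  # usage: chain_verifies CAFILE CERT
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Count the certificates in a PEM file (a complete bundle here holds 2).
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Constructed sample input: root CA -> intermediate CA -> server certificate.
make_demo_pki() {  # usage: make_demo_pki DIR
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/cnf" -extensions v3_ca \
    -subj '/CN=Demo Root CA' -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -config "$d/cnf" -subj '/CN=Demo Intermediate CA' \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -days 2 -extfile "$d/cnf" -extensions v3_ca -out "$d/intermediate.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -config "$d/cnf" -subj '/CN=puppet.example.com' \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/intermediate.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/puppet.example.com.crt" 2>/dev/null
}

demo() {
  tmp=$(mktemp -d) && make_demo_pki "$tmp" || return 1
  if chain_verifies "$tmp/intermediate.pem" "$tmp/puppet.example.com.crt"; then
    echo "intermediate only: verifies"
  else
    echo "intermediate only: FAILS (no root to anchor the chain)"
  fi
  build_bundle "$tmp/intermediate.pem" "$tmp/root.pem" "$tmp/cachain_with_root.pem"
  chain_verifies "$tmp/cachain_with_root.pem" "$tmp/puppet.example.com.crt" \
    && echo "intermediate + root: verifies"
  rm -rf "$tmp"
}
demo
```

On a real host, `chain_verifies` can be run against the concatenated bundle and the server certificate before `:ssl_ca:` is pointed at it.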
