correction

cat intermediate.pem > foreman_ssl_ca.pem
cat digicert_root_ca.crt >> foreman_ssl_ca.pem

On 14 December 2017 at 17:22, Matt Cahill <[email protected]> wrote:
> Hi David,
>
> for us it's just simply a plain text PEM encoded certificate file like so:
>
> -----BEGIN CERTIFICATE-----
> encoded...
> ...cert...
> ...data
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> encoded...
> ...cert...
> ...data
> -----END CERTIFICATE-----
>
> I just did the following
>
> cat intermediate.pem > foreman_ssl_ca.pem
> cat digicert_root_ca.crt > foreman_ssl_ca.pem
>
> cheers
>
> Matt
>
> On 14 December 2017 at 07:39, David Childs <[email protected]> wrote:
>
>> Hi Matt
>>
>>> Concatenating their intermediate and the root CA into one pem and
>>> referencing that in /etc/puppetlabs/puppet/foreman.yaml for :ssl_ca: fixed
>>> the problem.
>>
>> Can you explain how you did this? It should be obvious, but I'm not
>> having any luck making it work.
>>
>> On Tuesday, July 11, 2017 at 6:27:16 AM UTC-4, Matt Cahill wrote:
>>>
>>> I did eventually get this working.
>>>
>>> https://theforeman.org/2015/11/foreman-ssl.html
>>> https://alexshepherd.me/articles/changing-foremans-ssl-certificate
>>>
>>> The specific problem I had all along was that I was supplied an
>>> intermediate cert chain without the root CA (as mentioned by alex shepherd).
>>> Concatenating their intermediate and the root CA into one pem and
>>> referencing that in /etc/puppetlabs/puppet/foreman.yaml for :ssl_ca:
>>> fixed the problem.
>>>
>>> Installing via puppet:
>>>
>>> foreman::ssl: true
>>> puppet::server_foreman_ssl_ca: '/etc/pki/tls/certs/cachain_with_root.pem'
>>> puppet::server_foreman_url: 'https://puppet.example.com'
>>> foreman::server_ssl_key: '/etc/pki/tls/private/puppet.example.com.key'
>>> foreman::server_ssl_cert: '/etc/pki/tls/certs/puppet.example.com.crt'
>>> foreman::server_ssl_chain: '/etc/pki/tls/certs/cachain_with_root.pem'
>>> foreman::servername: 'puppet.example.com'
>>> foreman::foreman_url: 'https://puppet.example.com'
>>> foreman::websockets_ssl_key: '/etc/pki/tls/private/puppet.example.key'
>>> foreman::websockets_ssl_cert: '/etc/pki/tls/certs/puppet.example.crt'
>>>
>>> or with foreman-installer options
>>>
>>> foreman-installer --foreman-ssl \
>>> --puppet-server-foreman-ssl-ca '/etc/pki/tls/certs/cachain_with_root.pem' \
>>> --puppet-server-foreman-url 'https://puppet.example.com' \
>>> --foreman-server-ssl-key '/etc/pki/tls/private/puppet.example.com.key' \
>>> --foreman-server-ssl-cert '/etc/pki/tls/certs/puppet.example.com.crt' \
>>> --foreman-server-ssl-chain '/etc/pki/tls/certs/cachain_with_root.pem' \
>>> --foreman-servername 'puppet.example.com' \
>>> --foreman-foreman-url 'https://puppet.example.com' \
>>> --foreman-websockets-ssl-key '/etc/pki/tls/private/puppet.example.key' \
>>> --foreman-websockets-ssl-cert '/etc/pki/tls/certs/puppet.example.crt'
>>>
>>> cheers
>>>
>>> Matt
>>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Foreman users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/foreman-users/MMug-F4hNHg/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at https://groups.google.com/group/foreman-users.
>> For more options, visit https://groups.google.com/d/optout.
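An added example, not part of the thread or of Foreman's own tooling: a small shell helper that builds the :ssl_ca bundle by appending each certificate and then counts what ended up in the file, which is the check that catches the overwrite corrected at the top of this thread. The function names are hypothetical and the two "certificates" in demo are constructed placeholders, not real certificate data; verify_with_bundle needs the openssl CLI and real files.

```shell
#!/bin/sh
# Added example, not from the thread: build and check a CA bundle for :ssl_ca.

# Count certificates in a PEM file (prints 0 when there are none).
count_pem_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# build_ca_bundle OUT CERT...: concatenate CERTs, in the order given, into OUT.
build_ca_bundle() {
    out=$1; shift
    tmp=$(mktemp "$out.XXXXXX") || return 1
    for f in "$@"; do
        if [ ! -r "$f" ] || [ "$(count_pem_certs "$f")" -lt 1 ]; then
            echo "build_ca_bundle: no certificate in $f" >&2
            rm -f "$tmp"; return 1
        fi
        # Append, never truncate. awk drops CRs and always ends the last line
        # with a newline, so END/BEGIN markers cannot land on the same line.
        awk '{ sub(/\r$/, ""); print }' "$f" >> "$tmp"
    done
    chmod 644 "$tmp"   # CA certificates are public; the Puppet server must be able to read them
    mv "$tmp" "$out"   # replace the old bundle only once the new one is complete
}

# Needs the openssl CLI and real certificates: confirm that the server
# certificate ($2) validates against the bundle ($1) before using it as :ssl_ca.
verify_with_bundle() {
    openssl verify -CAfile "$1" "$2"
}

# Constructed placeholder files (not real certificates) to show the difference.
demo() {
    d=$(mktemp -d) || return 1
    b='-----BEGIN CERTIFICATE-----'; e='-----END CERTIFICATE-----'
    printf '%s\n%s\n%s' "$b" 'SU5URVJNRURJQVRF' "$e" > "$d/intermediate.pem"  # no final newline
    printf '%s\n%s\n%s\n' "$b" 'Uk9PVA==' "$e" > "$d/digicert_root_ca.crt"
    # The two commands from the quoted message: the second '>' truncates the file.
    cat "$d/intermediate.pem" > "$d/overwritten.pem"
    cat "$d/digicert_root_ca.crt" > "$d/overwritten.pem"
    build_ca_bundle "$d/foreman_ssl_ca.pem" "$d/intermediate.pem" "$d/digicert_root_ca.crt" || return 1
    echo "$(count_pem_certs "$d/overwritten.pem") $(count_pem_certs "$d/foreman_ssl_ca.pem") $(wc -l < "$d/foreman_ssl_ca.pem" | tr -d ' ')"
    rm -rf "$d"
}

demo   # prints: 1 2 6
```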
