Good chance that I’m just a fool here, but how are we getting past this problem (Attached Screenshot) at the moment? Until recently, I was still able to hit it with Chrome but not Firefox. Now both browsers are giving me the same error. Is there a root CA that is created that I need to import, or whats the approach here?
That is the better solution. Note that for Foreman without Katello the CA is different. The CA location is in /etc/httpd/conf.d/05-foreman-ssl.conf on EL7 or equivalent Apache location for your OS. Note that you should do this on all your clients.
require_ssl should be fine and doesn’t need to be touched. HSTS is cached by browsers which can explain why you saw no difference. Note you still need to accept the self-signed certificate.
Once your browser gets the HSTS header, it will require all future communication with that host to be over HTTPS. After disabling the header you will still need to reset the browser’s memory to get access to the web ui - https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/ has a nice explanation.