today I try to change the SSL certificate of web interface on apache.
my configuration was:
···======================= ServerName foreman.mydomain.com ServerAlias foreman
Use puppet certificates for SSL
# To eliminate BEAST vulnerability - by VHS 07/12/2012 SSLHonorCipherOrder On SSLCipherSuite
work (or maybe work good), but:
- when I try to conect any old client to foreman I receive this error:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Could not find node ‘valin.mydomain.com’; cannot compile
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
and if I delete the client certificate (on client and on server) and
recreate and re-sign it… so, all work again.
my question is:
- what is the correct way to configure foreman with a “valid” certificate ??
- when the certificate will expire, we need to re-sign all the clients ??
what is the process ??
PS: I readed the FAQ and other documentation in the foreman website… but,
I didnt found help there.
I believe that is all for now.