I have successfully updated Foreman/Katello deployment to use signed certificates.
I would like to revert this back to use default self-signed certificates (as per initial build) for further testing, I tried to do this by reverting to a VM snapshot taken with foreman services stopped prior to updating the certificates. This was unsuccessful as it was then unable to connect to upstream subscription allocation until I re-applied the signed certificates.
This appears to work with regard to resetting the certs back to self-signed as I get invalid certificate in BUI connection (plus HSTS errors that I had to clear in chrome) but the result is the same in as much as I still get “unable to connect to upstream subscription allocation” errors when viewing the subscriptions tab and the dashboard widgets are stuck at loading.
# foreman-installer --scenario katello
> --reset-certs-server-cert
> --reset-certs-server-key
> --reset-certs-server-ca-cert
> --certs-update-server --certs-update-server-ca
…
…
Success!
* Foreman is running at https://xxxxxxxxxxxxxxxxxxxxxxx
* To install an additional Foreman proxy on separate machine continue by running:
foreman-proxy-certs-generate --foreman-proxy-fqdn “$FOREMAN_PROXY” --certs-tar “/root/$FOREMAN_PROXY-certs.tar”
This is the comment you should have led with as this does not always have to do with the certificates deployed for the server but rather around the manifest and connection back to Red Hat.
Are you using a manifest from Red Hat that you imported to get RH content? Can you describe a bit more your setup around that and what you are attempting to do that leads to this error?
Yes I am using a RH Manifest that was working and providing access to RH content immediately prior to making any certificate changes. On switching to signed certs the manifest connection to RH still worked, on reverting the certs back to self-signed the RH manifest connection breaks, on re-applying the signed certs the RH manifest connection works again. So the only scenario where it does not work is on reverting from signed to self-signed certs.