I suspect the issue is related to how Foreman is creating /etc/foreman-proxy/foreman_ssl_ca.pem. I was able to complete a Foreman Proxy 3.11 install w/ custom certs by doing the following:
- Ran this command, which is unsuccessful (I got the error that says I have self-signed certs, which is not the case):
foreman-installer \
--scenario foreman-proxy-content \
--certs-tar-file "/root/myforemanproxy-certs.tar" \
--foreman-proxy-register-in-foreman "true" \
--foreman-proxy-foreman-base-url "https://myforemanserver.example.org" \
--foreman-proxy-trusted-hosts "https://myforemanproxy.example.org" \
--foreman-proxy-trusted-hosts "myforemanproxy.example.org" \
--foreman-proxy-oauth-consumer-key "<Redacted>" \
--foreman-proxy-oauth-consumer-secret "<Redacted>"
- Manually placed my CA cert bundle (for our local CA) at /root/ssl-build/local-ca_cert_bundle.pem.
- Edited /etc/foreman-installer/scenarios.d/foreman-proxy-content-answers.yaml and set the following:
server_ca_cert: "/root/ssl-build/local-ca_cert_bundle.pem"
- Reran the installer:
foreman-installer --scenario foreman-proxy-content
- The proxy successfully completed installation.