Problem:
I’m trying to secure my Foreman 1.23.0 web frontend using a wildcard certificate for my domain (*.domain.com). I’m running Puppet v6 and have managed to use the ‘puppetserver ca setup’ commands to set up the CA and sign agent client certificates.
However, when I change my /[…]/05-foreman-ssl.conf file to use my wildcard certificate, my agents start to throw this error:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 500 on SERVER: Server Error: Failed to find ares.beerygaz.com via
exec: Execution of '/etc/puppetlabs/puppet/node.rb ares.beerygaz.com' returned 1
Running the command on the puppetmaster produces:
Serving cached ENC: Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate)
There are a lot of resources out there on trying to get this to work, but all seem dated or refer to files that no longer exist on the latest implementation. Is there a definitive guide somewhere?
Expected outcome:
Agents work using Puppet CS, Foreman works using my wildcard cert.
Foreman and Proxy versions:
Foreman 1.23.0
Puppet 6.10.0