We need to move our foreman to a new domain. However, we’d like to do that without regenerating all client certificates.
I have successfully set up a new server, migrated the database and the certificates, but the clients won’t accept the server certificate anymore, because obviously it’s coming from a different domain.
The way I understand it, it should be possible to create a new server certificate for the new domain from the old CA, and this would be accepted by the clients since it now matches the domain properly, and is issued by the same CA as they were.
I'm not 100% sure about this. SSL is a book on which I barely scratched the first seal, and it seems to have a couple dozen of them, so stop me right here if I'm wrong.
If what I'm intending here should be possible, however, could somebody tell me how to do that in Foreman? I tried making a new smart proxy, but that didn't yield a certificate. I tried regenerating the smart-proxy cert as described here (first answer), but apparently I don't even have that command (installed via foreman-installer, maybe there's a difference…?).
Maybe I’m getting the concept of a smart proxy wrong and that’s not even what I should be generating a new certificate for.
As you can see, I have only half an idea of what I'm doing, so your help would be very much appreciated!
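
The reasoning in the post above (a server certificate for the new domain, signed by the CA the clients already trust), as an added example that is not part of the original post and does not use Foreman's own tooling. It uses plain `openssl`; the CA, the hostnames `foreman.old.example` and `foreman.new.example`, and all file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name, key and certificate here is a throwaway value.
set -e
work=$(mktemp -d)
cd "$work"

cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# Stand-in for the existing CA whose certificate the clients already hold.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config ca.cnf \
    -keyout ca.key -out ca.pem 2>/dev/null

# issue NAME: sign a server certificate for NAME with the existing CA key.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$1" > "$1.ext"
    openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 30 -extfile "$1.ext" -out "$1.pem" 2>/dev/null
}

# client_accepts CERT HOST: the decision of a client that trusts only ca.pem
# and connects to HOST (chain check plus hostname check).
client_accepts() {
    openssl verify -CAfile ca.pem -verify_hostname "$2" "$1" 2>/dev/null \
        | grep -q ': OK$'
}

issue foreman.old.example   # certificate the old server presented
issue foreman.new.example   # certificate reissued for the new name

for cert in foreman.old.example.pem foreman.new.example.pem; do
    if client_accepts "$cert" foreman.new.example; then
        echo "$cert presented as foreman.new.example: accepted"
    else
        echo "$cert presented as foreman.new.example: rejected"
    fi
done
```

The client side is unchanged in both checks: it holds only `ca.pem`, so the outcome depends solely on whether the server certificate's subjectAltName matches the name being contacted.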