I upgraded Foreman from 1.7.1 to 1.9.3 last night. Everything was running
fine, except I was having issues logging in with my LDAP account. I got the
following error while logging in:
"SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server
certificate B: certificate verify failed"
So I followed
for trusting certificates (I'm running Red Hat 6). That got my account
working. The steps I used were as follows:
cp /etc/ipa/ca.crt /etc/pki/tls/certs/ipa.crt
ln -s ipa.crt /etc/pki/tls/certs/$(openssl x509 -noout -hash -in /etc/pki/
However, this morning, my boss is telling me he can't log in with his LDAP.
He sends a screenshot, and it's the same error I was seeing from last night
on my account (my account is still working as of this morning).
I'm wondering what could occur that would allow my account to work, and his
to return that SSL error. They're both using the same freeipa system. Could
it be some kind of strange caching issue? Ruby should be using the
system-wide trusted cert stores, correct?
In looking at the /etc/foreman/settings.yml file, I see the foreman CA file
is set to /etc/foreman/ca.pem. Do I need to add my IPA CA cert there as
well? Or is that setting just for communications with Puppet?
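
The copy-and-hash-symlink steps listed in the post, written as an added example that is not part of the original post: it installs a CA certificate into an OpenSSL hashed certificate directory under the `<subject-hash>.N` name that CApath lookup expects, then checks that the directory validates the certificate. The function names and the directory arguments are assumptions, and the example goes slightly beyond the post by handling an already-used hash suffix.

```shell
#!/bin/sh
# Added example: function names and arguments are assumptions, not from the post.

# install_ca_link CA_PEM CERT_DIR
# Copies CA_PEM into CERT_DIR (if not already there) and creates the
# <subject-hash>.N symlink OpenSSL uses for CApath lookups.
# Prints the name of the symlink on success.
install_ca_link() {
    ca_pem=$1
    cert_dir=$2
    name=$(basename "$ca_pem")
    hash=$(openssl x509 -noout -hash -in "$ca_pem") || return 1

    [ -e "$cert_dir/$name" ] || cp "$ca_pem" "$cert_dir/$name" || return 1

    # Several CAs can share a subject hash, so OpenSSL probes .0, .1, ...
    # Reuse an existing link to this file, otherwise take the first free slot.
    n=0
    while [ -e "$cert_dir/$hash.$n" ] || [ -L "$cert_dir/$hash.$n" ]; do
        if [ "$(readlink "$cert_dir/$hash.$n")" = "$name" ]; then
            echo "$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done
    ln -s "$name" "$cert_dir/$hash.$n" || return 1
    echo "$hash.$n"
}

# ca_trusted_in_dir CERT_PEM CERT_DIR
# Returns 0 when CERT_PEM verifies with CERT_DIR supplied as the CApath.
# The output is matched instead of the exit status because older OpenSSL
# releases exit 0 from "verify" even when verification fails.
ca_trusted_in_dir() {
    openssl verify -CApath "$2" "$1" 2>/dev/null | grep -q ': OK$'
}
```

Running `ca_trusted_in_dir` against the same certificate directory on each host that performs the LDAP bind shows whether the CA is actually reachable through a hashed link there.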