Problem:
I have installed Foreman 3.6.1 without Katello, and am just using the default certificates. I now want to change the Web UI to use a valid cert, but I get errors when changing it. When I run:
foreman-installer \
--foreman-server-ssl-cert /etc/ssl/certs/foreman.domain.local-cert.pem \
--foreman-server-ssl-key /etc/ssl/certs/foreman.domain.local-key.pem \
--foreman-server-ssl-chain /etc/ssl/certs/domainca.pem \
--foreman-websockets-ssl-cert /etc/ssl/certs/foreman.domain.local-cert.pem \
--foreman-websockets-ssl-key /etc/ssl/certs/foreman.domain.local-key.pem
I get the following error:
2023-05-24 16:27:23 [NOTICE] [root] Loading installer configuration. This will take some time.
2023-05-24 16:27:26 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2023-05-24 16:27:26 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2023-05-24 16:27:30 [NOTICE] [configure] Starting system configuration.
2023-05-24 16:27:37 [NOTICE] [configure] 250 configuration steps out of 1265 steps complete.
2023-05-24 16:27:37 [NOTICE] [configure] 500 configuration steps out of 1269 steps complete.
2023-05-24 16:27:37 [NOTICE] [configure] 750 configuration steps out of 1274 steps complete.
2023-05-24 16:27:58 [NOTICE] [configure] 1000 configuration steps out of 1274 steps complete.
2023-05-24 16:27:59 [NOTICE] [configure] 1250 configuration steps out of 1470 steps complete.
2023-05-24 16:28:17 [ERROR ] [configure] /Stage[main]/Foreman::Register/Foreman_host[foreman-foreman--01.domain.local]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) in get request to: https://foreman--01.domain.local/api/v2/hosts?search=name%3D%22foreman--01.domain.local%22
2023-05-24 16:28:17 [ERROR ] [configure] Wrapped exception:
2023-05-24 16:28:17 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
2023-05-24 16:28:19 [NOTICE] [configure] System configuration has finished.
There were errors detected during install.
Please address the errors and re-run the installer to ensure the system is properly configured.
Failing to do so is likely to result in broken functionality
It does seem to load the certificate OK, though, as I can then browse to the Foreman UI and it has loaded my valid certificate. I've also tried adding settings like --puppet-server-foreman-ssl-ca /etc/pki/tls/certs/ca-bundle.crt or --foreman-client-ssl-ca, but I get the same error.
Expected outcome:
I would expect the certificates and CA to change in the web UI without breaking the foreman-installer.
Foreman and Proxy versions:
3.6.1 without Katello
Distribution and version:
AlmaLinux 8.7
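
Added example (not part of the original post, and not Foreman's own code): a self-contained shell check that reproduces the `unable to get local issuer certificate` condition from the log with a constructed throwaway CA and leaf certificate, then shows the same leaf verifying once its issuer is in the trust file given to `openssl verify`. The function names `chain_status` and `make_demo_pki` and the host name `foreman.example.test` are hypothetical.

```shell
#!/bin/sh
# Everything here is constructed: two throwaway CAs and one leaf certificate
# in a temp directory. No real Foreman or system files are touched.

# chain_status TRUST_PEM CERT_PEM
# Prints "ok" if CERT_PEM chains to a CA in TRUST_PEM, otherwise the reason
# OpenSSL reports (the text after "error N at D depth lookup:").
chain_status() {
    if out=$(openssl verify -CAfile "$1" "$2" 2>&1); then
        echo ok
    else
        echo "$out" | sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1
    fi
}

# make_demo_pki DIR
# Creates CA "issuing", an unrelated CA "other", and a leaf signed by "issuing".
make_demo_pki() {
    d=$1
    for ca in issuing other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed $ca CA" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=foreman.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -days 1 -CA "$d/issuing.pem" \
        -CAkey "$d/issuing.key" -CAcreateserial -out "$d/leaf.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo"

# The client's trust file contains the issuer: the chain builds.
echo "issuer trusted:      $(chain_status "$demo/issuing.pem" "$demo/leaf.pem")"
# The client's trust file lacks the issuer: same message as in the installer log.
echo "issuer not trusted:  $(chain_status "$demo/other.pem" "$demo/leaf.pem")"
# A bundle that also contains the issuer verifies again.
cat "$demo/other.pem" "$demo/issuing.pem" > "$demo/bundle.pem"
echo "issuer in bundle:    $(chain_status "$demo/bundle.pem" "$demo/leaf.pem")"
```

On a real host the same `chain_status` call takes the CA file and the server certificate in place of the constructed files.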