Foreman with https

Hi all,

Is anyone using Foreman in a LAN using https? If so, is there any way
around the broken SSL lock in the address bar? We are running a server on
the internal network using a self-signed cert. The server is not internet
facing. We can add an exception and proceed but the broken https icon does
not look good.

Thanks for your help!

You can get the broken lock for a few reasons, but I'm guessing you need
to import the CA cert used to sign your foreman's httpd SSL cert into
the browser.

On 08/24/2016 10:19 AM, myrubycodeccount@gmail.com wrote:

Thanks Chris,

Yes that will get me past having to click through the warning but will
not get rid of the broken lock.

Since it is a local server it does not have a public domain name. Therefore
I cannot get a cert from a CA, it needs to be a self-signed cert.

Just wondering if anyone has experience deploying Foreman over https
locally.

Thanks again.

On Wednesday, August 24, 2016 at 3:27:56 PM UTC+1, Chris Duryee wrote:

Hi

On Wed, 24 Aug 2016 07:45:54 -0700 (PDT) myrubycodeccount@gmail.com wrote:
> Thanks Chris,
>
> Yes that will get me past having to click through the warning but will
> not get rid of the broken lock.
>
> Since it is a local server it does not have a public domain name. Therefore
> I cannot get a cert from a CA, it needs to be a self-signed cert.
>
> Just wondering if anyone has experience deploying Foreman over https
> locally.
[...]

If you actually properly import the certificate into your browser you should no
longer see any broken lock. What browser are you using? Chrome for
example displays a broken lock for certificates with SHA1 hashes.

Cheers

Michael

Thanks Michael,

Do you have a working instance with a self-signed cert? With local IP or
<hostname>.localhost in cert. And your browser is happy with signing.

Have tried Chrome/Firefox/Chromium.

On Wednesday, August 24, 2016 at 3:51:09 PM UTC+1, Michael Hofer wrote:

Hi

> Thanks Michael,
>
> Do you have a working instance with a self-signed cert? With local IP or
> <hostname>.localhost in cert. And your browser is happy with signing.
>
> Have tried Chrome/Firefox/Chromium.
[…]

Ah, you're right. If you import a self-signed server cert it will still display
the yellow triangle.

In that case you'll have to create a self-signed Root CA first and then issue
and sign your own certificate for the Foreman server. Afterwards import the Root
CA and/or intermediate public key as a valid authority into your browser. This
should definitely result in a green lock. :)

Cheers

Michael

On Wed, 24 Aug 2016 08:15:20 -0700 (PDT) myrubycodeccount@gmail.com wrote:
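
The procedure from the last reply (create a root CA, sign a certificate for the Foreman server with it, import the root CA into the browser), written out with the openssl CLI as an added example that is not part of the thread. The host name `foreman.example.lan`, the IP `192.0.2.10`, the file names and the lifetimes are assumed values; SHA-256 is used because of the SHA1 remark above, and the host name and IP go into subjectAltName because that is the field current browsers match.

```shell
#!/usr/bin/env bash
# Added example: private root CA plus a CA-signed certificate for a Foreman host.
# Host name, IP, file names and lifetimes are assumed values, not from the thread.
set -eu

make_foreman_pki() {  # usage: make_foreman_pki DIR HOSTNAME IP
  local d=$1 host=$2 ip=$3
  mkdir -p "$d"
  cat > "$d/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host,IP:$ip
EOF
  # 1. Root CA: self-signed, marked CA:TRUE, SHA-256 signature.
  openssl req -x509 -config "$d/pki.cnf" -extensions v3_ca -sha256 -days 3650 \
    -newkey rsa:2048 -nodes -subj "/CN=Example Lab Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt"
  # 2. Server key and CSR for the Foreman host.
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$host" -keyout "$d/foreman.key" -out "$d/foreman.csr"
  # 3. The CA signs the CSR; the SAN carries the names the browser checks.
  openssl x509 -req -in "$d/foreman.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -sha256 -days 825 \
    -extfile "$d/pki.cnf" -extensions v3_server -out "$d/foreman.crt"
}

# Prints "<cert path>: OK" when chain, server purpose and host name all check out.
verify_foreman_cert() {  # usage: verify_foreman_cert DIR HOSTNAME
  openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
    -verify_hostname "$2" "$1/foreman.crt"
}

# Prints the certificate's signature algorithm.
sig_alg() { openssl x509 -in "$1" -noout -text | awk '/Signature Algorithm/ {print $3; exit}'; }

out=$(mktemp -d)
make_foreman_pki "$out" foreman.example.lan 192.0.2.10
verify_foreman_cert "$out" foreman.example.lan
sig_alg "$out/foreman.crt"
```

Only `ca.crt` is imported into the browser as a trusted authority; `ca.key` stays off the Foreman server, and `foreman.crt` with `foreman.key` are what the web server presents.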