Help with Foreman 1.22 and installing signed certificates

I found another entry on here about using katello-certs-check.

It looks like:
usage: /sbin/katello-certs-check -c CERT_FILE -k KEY_FILE -b CA_BUNDLE_FILE
# katello-certs-check -c system_Foreman.pem -k foreman_cert_key.pem -b RootandIssuingca.pem

Validation succeeded

To install the Katello main server with the custom certificates, run:

foreman-installer --scenario katello \
                  --certs-server-cert "/root/foreman_cert/system_Foreman.pem" \
                  --certs-server-key "/root/foreman_cert/foreman_cert_key.pem" \
                  --certs-server-ca-cert "/root/foreman_cert/RootandIssuingca.pem"

To update the certificates on a currently running Katello installation, run:

foreman-installer --scenario katello \
                  --certs-server-cert "/root/foreman_cert/system_Foreman.pem" \
                  --certs-server-key "/root/foreman_cert/foreman_cert_key.pem" \
                  --certs-server-ca-cert "/root/foreman_cert/RootandIssuingca.pem" \
                  --certs-update-server --certs-update-server-ca

When I try and use that minus the --scenario katello, I don’t need katello at the moment.

I get:
ERROR: Unrecognised option ‘–certs-server-cert’

I am trying to figure out what new options I should be using instead?
I see all of these:

I am mostly just trying to have the web page use https: and have the secure padlock.

Foreman and Proxy versions:

It seems to install and work okay without the certificates, but I would like to have them so I don’t have to keep adding an exception to my browser.

Thanks for any help or suggestion!


as far as I recall, Foreman without Katello does not use a dedicated CA but insted just reuses the Puppet certificates for all its needs. So maybe you want to check with the Puppet documentation on how to set it up to use a custom CA. I do not think this is currently covered in the Foreman documentation.


1 Like

I switched to installing Katello instead of Foreman and I wasn’t able to use signed certs on the initial install, but I was able to run the foreman-installer --scenario katello with the --certs-update-server --certs-update-server-ca option and it worked.

Thanks for the direction to try katello.