I install Foreman on a Puppet Server which has 100 hosts. What is the best way to create those hosts for Foreman? Only via the API? Because the certificates are already signed, Foreman doesn't show those servers, right?
It depends on what you want to do with the hosts once you have them in Foreman. You could perhaps install Foreman on a separate machine and just install the Puppet ENC script that would send facts for every host asking for the resource catalog. Foreman can create hosts based on such information automatically. See Foreman :: Manual for more details. Also, this blog post can be interesting in your case. If you already have Foreman on the same machine, you could reconfigure it to use the existing Puppet certificates. The key is that the ENC script sends the data to Foreman; hosts should start to appear then.
Foreman does not care that much about the client certificates of managed machines. It needs to trust the Puppet server callback, though. The data flows like this:
host -----------> puppet server -----------> foreman
Therefore the Puppet server callback must trust Foreman’s SSL certificate and must use a client certificate that Foreman trusts. The installer by default uses the same CA certificate, which is created by the Puppet CA.
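Added example, not part of the original thread: a shell check of the two trust requirements described above, run against throwaway certificates so it works offline. The function name, file names and host names are assumptions made for the demo; on a real installation you would pass the paths of the CA and certificate files your Foreman and Puppet server are configured with.

```shell
#!/usr/bin/env bash
# Added example: function name, file names and CNs are constructed for this demo.

# check_callback_trust FOREMAN_TRUSTED_CA CALLBACK_CERT CALLBACK_KEY CALLBACK_TRUSTED_CA FOREMAN_CERT
# Returns 0 when both sides of the puppet server -> foreman call can verify each other.
check_callback_trust() {
  local foreman_ca="$1" cb_cert="$2" cb_key="$3" cb_ca="$4" foreman_cert="$5"
  # Foreman must be able to verify the client certificate the callback presents.
  openssl verify -CAfile "$foreman_ca" "$cb_cert" >/dev/null 2>&1 ||
    { echo "callback client cert is not signed by a CA Foreman trusts"; return 1; }
  # The private key the callback uses must belong to that certificate.
  [ "$(openssl x509 -in "$cb_cert" -noout -pubkey)" = "$(openssl pkey -in "$cb_key" -pubout)" ] ||
    { echo "callback key does not match its certificate"; return 2; }
  # The callback must be able to verify Foreman's server certificate.
  openssl verify -CAfile "$cb_ca" "$foreman_cert" >/dev/null 2>&1 ||
    { echo "Foreman server cert is not signed by a CA the callback trusts"; return 3; }
  echo "trust OK in both directions"
}

# Demo helpers: throwaway CA and leaf certificates (constructed test data).
make_ca() {   # make_ca PREFIX CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}
make_cert() { # make_cert PREFIX CN CA_PREFIX
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
    -days 1 -out "$1.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_ca   "$demo/puppet_ca" "constructed Puppet CA"
make_ca   "$demo/other_ca"  "constructed unrelated CA"
make_cert "$demo/foreman"   "foreman.example.test" "$demo/puppet_ca"
make_cert "$demo/puppet"    "puppet.example.test"  "$demo/puppet_ca"
make_cert "$demo/stray"     "puppet.example.test"  "$demo/other_ca"

# Shared CA (the installer default described above): passes.
check_callback_trust "$demo/puppet_ca.pem" "$demo/puppet.pem" "$demo/puppet.key" \
  "$demo/puppet_ca.pem" "$demo/foreman.pem"
# Callback certificate issued by a CA Foreman does not trust: fails with status 1.
check_callback_trust "$demo/puppet_ca.pem" "$demo/stray.pem" "$demo/stray.key" \
  "$demo/puppet_ca.pem" "$demo/foreman.pem" || echo "exit status $?"
```

A non-zero status tells you which side of the callback to fix: 1 or 2 point at the client certificate and key the Puppet server presents, 3 at the CA it uses to verify Foreman.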