I have an existing Katello 2.7 server which I'd like to add a wildcard
certificate to. I've generated the key and CSR using openssl. The signed
certificate is from DigiCert. I attempted to update the certificate using:
katello-installer \
  --certs-update-server-ca \
  --certs-update-server \
  --certs-server-cert="/etc/pki/tls/certs/star_myorg_org.crt" \
  --certs-server-cert-req "/etc/pki/tls/certs/foreman-katello.csr" \
  --certs-server-key="/etc/pki/tls/private/foreman-katello.key" \
  --certs-server-ca-cert="/etc/pki/tls/certs/DigiCertCA.crt" \
  --foreman-server-ssl-ca="/etc/pki/tls/certs/DigiCertCA.crt" \
  --foreman-server-ssl-key="/etc/pki/tls/private/foreman-katello.key" \
  --foreman-server-ssl-cert="/etc/pki/tls/certs/star_myorg_org.crt" \
  --foreman-server-ssl-chain="/etc/pki/tls/certs/DigiCertCA.crt" \
  --foreman-foreman-url="https://foreman.myorg.org"
The install completed without error; however, the SmartProxy has this error:
ProxyAPI::ProxyException
ERF12-5356 [ProxyAPI::ProxyException]: Unable to get PuppetCA certificates
([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verif…) for proxy
https://hostname.myorg.org:9090/puppet/ca
lib/proxy_api/puppetca.rb:47:in `rescue in all'
lib/proxy_api/puppetca.rb:45:in `all'
app/services/smart_proxies/puppet_ca.rb:21:in `all'
app/services/smart_proxies/puppet_ca.rb:36:in `find_by_state'
app/controllers/puppetca_controller.rb:8:in `index'
app/models/concerns/foreman/thread_session.rb:33:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'
and my nodes/hosts cannot run - presumably because of the above error. I
have a snapshot of this VM so I can go back to Self-Signed, but I'd prefer
to use a signed cert.