[Katello 2.2] How do you replace the Foreman UI / webserver certificate?

I generated a csr and private key (using openssl) and got it signed (using
an internal authority).

But which configuration files should be changed to reference my new
certificate, cert chain and key?

I've been fiddling with SSL directives in
/etc/httpd/conf.d/05-foreman-ssl.conf but seem to be breaking more than I
would like.

Thanks.

Hi JC,

> I generated a csr and private key (using openssl) and got it signed (using
> an internal authority).
>
> But which configuration files should be changed to reference my new
> certificate, cert chain and key?
>
> I've been fiddling with SSL directives in
> /etc/httpd/conf.d/05-foreman-ssl.conf but seem to be breaking more than I
> would like.

As you are using Katello, I would recommend reading this section of the
README: https://github.com/katello/katello-installer#certificates

Passing your new cert, key, etc… as the arguments to the installer
would ensure all pieces work correctly. The installer is idempotent as
it's based on Puppet modules so it will apply the last configuration you
used PLUS the certificates.

You can also run the installer with the --noop option. This will just
display the changes it'll make without actually making any changes.

Hope this helps!

··· On 05/12, JC wrote:

Thanks.


You received this message because you are subscribed to the Google Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Daniel Lobato Garcia

@eLobatoss
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
Keybase: https://keybase.io/elobato

Thanks Daniel. I'll take a look / have a try.

··· On 13 May 2015 at 09:05, Daniel Lobato Garcia wrote:

Hi JC,

On 05/12, JC wrote:

I generated a csr and private key (using openssl) and got it signed
(using
an internal authority).

But which configuration files should be changed to reference my new
certificate, cert chain and key?

I’ve been fiddling with SSL directives in
/etc/httpd/conf.d/05-foreman-ssl.conf but seem to be breaking more than I
would like.

As you are using Katello, I would recommend reading this section of the
README: https://github.com/katello/katello-installer#certificates

Passing your new cert, key, etc… as the arguments to the installer
would ensure all pieces work correctly. The installer is idempotent as
it’s based on Puppet modules so it will apply the last configuration you
used PLUS the certificates.

You can also run the installer with the --noop option. This will just
display the changes it’ll make without actually making any changes.

Hope this helps!

Thanks.


You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Daniel Lobato Garcia

@eLobatoss
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
Keybase: https://keybase.io/elobato


You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/fpodu6-7LP8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Jamie.