Problem:
When I try to create my first repository I see this:
Error
There was an issue with the backend service pulp3: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
Expected outcome:
The system will trust the pulp certificate
Foreman and Proxy versions:
Foreman 3.15 Katello 4.17
Foreman and Proxy plugin versions:
Distribution and version:
Rocky Linux 9.6
Other relevant data:
I’m building a new server to replace our old redhat 8 server. I’m comparing both and can’t see any differences between how the old one was set up 2 years ago. /var/pulp/settings.conf are default on both. I’ve verified the default certificates are at /etc/pki/katello/certs. Interestingly, before I replaced the apache certs with CA certs I couldn’t get to the login on the web page. Maybe something untrusted about these certificates in general?
Hmm, it seems this is a browser issue.
Chrome version 138 rejects the self-signed certificates outright. I tried firefox and brave and they allow me to log in with the self-signed certs and also create a new repository. Ironically I never use Chrome and was only using it today because I’m at the office and that’s the installed browser. Not sure it matters to devs, but here’s what I see at the login page with chrome:
foreman.domain.ca normally uses encryption to protect your information. When Chrome tried to connect to foreman-van-02.mainframe.ca this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be foreman-van-02.mainframe.ca, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
You cannot visit foreman.domain.ca right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
If I were to want to replace the generated self-signed certs for pulp, where do I put the path to the crt and key? /etc/pulp/settings.conf?