I’ve replaced the self-signed certificates in Apache Webserver for Foreman with my domain’s certificates. I oriented myself on this tutorial: https://theforeman.org/2015/11/foreman-ssl.html
However, I fear that I made a mistake. The webpage is displaying correctly in Firefox, but now when I try to publish a new content view version I get the following error when clicking on save: There was an issue with the backend service pulp: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
A difference from the above-mentioned tutorial is that changing the SSL settings in 05-foreman-ssl.conf did not have any effect. I had to change them in a file called 03-crane.conf.
I’ve changed the settings in 03-crane.conf as follows:
```
SSLCertificateFile "/etc/pki/katello/certs/STAR_md80_ch.crt"
SSLCertificateKeyFile "/etc/pki/katello/certs/star_md80_ch.key"
SSLCertificateChainFile "/etc/pki/katello/certs/SSL_COM_RSA_SSL_SUBCA.crt"
```
error shown in the About page:
#### Backend System Status
|Component|Status|Message|
| --- | --- | --- |
|candlepin|OK||
|candlepin_auth|OK||
|foreman_tasks|OK||
|pulp|FAIL|SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)|
|pulp_auth|FAIL|Skipped pulp_auth check after failed pulp check|
I’ve seen this warning in the documentation above:
It is important that you do not change
SSLCARevocationFile, as these are used for client authentication
That is probably where I made a mistake. I tried to revert the setting to:
restarted httpd but no change in behaviour.
Foreman and Proxy versions:
Foreman and Proxy plugin versions:
Other relevant data:
logs in the /var/log/httpd/foreman-ssl_error_ssl.log I only see:
```
[Fri Feb 22 09:45:34.690914 2019] [ssl:error] [pid 10103] [client 192.168.178.22:57598] AH02039: Certificate Verification: Error (19): self signed certificate in certificate chain
```
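
Added example, not part of the original post: the two messages quoted above, `unable to get local issuer certificate` and `self signed certificate in certificate chain`, are distinct OpenSSL verification results. This sketch builds a constructed root → sub-CA → leaf chain (all names and files are assumptions, and `openssl` must be on the PATH) and shows which trust input produces each one.

```shell
#!/bin/sh
# Constructed demo: throwaway keys and example names, nothing read from /etc/pki.
# Shows which trust inputs make `openssl verify` report each result.

# issue <dir> <name> <CN> <signer|self> <ca|leaf>: create key + CSR, then sign.
issue() {
  d=$1; name=$2; cn=$3; signer=$4; kind=$5
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
  if [ "$signer" = self ]; then
    openssl x509 -req -in "$d/$name.csr" -signkey "$d/$name.key" -days 2 \
      -extfile "$d/$kind.ext" -out "$d/$name.crt" 2>/dev/null
  else
    openssl x509 -req -in "$d/$name.csr" -CA "$d/$signer.crt" \
      -CAkey "$d/$signer.key" -CAcreateserial -days 2 \
      -extfile "$d/$kind.ext" -out "$d/$name.crt" 2>/dev/null
  fi
}

# build_demo_chain <dir>: root CA -> sub CA -> leaf, plus a sub+root bundle.
build_demo_chain() {
  d=$1
  echo 'basicConstraints=critical,CA:TRUE'  > "$d/ca.ext"
  echo 'basicConstraints=critical,CA:FALSE' > "$d/leaf.ext"
  issue "$d" root "Demo Root CA" self ca &&
  issue "$d" sub "Demo Sub CA" root ca &&
  issue "$d" leaf "foreman.example.test" sub leaf &&
  cat "$d/sub.crt" "$d/root.crt" > "$d/sub_and_root.pem"
}

# verify_result <openssl verify args...>: verifier output flattened to one line.
verify_result() { openssl verify "$@" 2>&1 | tr '\n' ' '; }

demo() {
  dir=$(mktemp -d) || return 1
  build_demo_chain "$dir" || { rm -rf "$dir"; return 1; }
  # Root trusted, sub CA not supplied: the leaf's issuer cannot be found (error 20).
  echo "1: $(verify_result -CAfile "$dir/root.crt" "$dir/leaf.crt")"
  # Root trusted, sub CA supplied as an untrusted intermediate: OK.
  echo "2: $(verify_result -CAfile "$dir/root.crt" -untrusted "$dir/sub.crt" "$dir/leaf.crt")"
  # Full chain supplied, but its root is not in the trust store used (error 19).
  echo "3: $(verify_result -untrusted "$dir/sub_and_root.pem" "$dir/leaf.crt")"
  rm -rf "$dir"
}
demo
```

OpenSSL 3.x spells the third result `self-signed certificate in certificate chain`; the error number (19) is the same.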