Problem:
Hello,
I’ve replaced the self-signed certificates in the Apache web server for Foreman with my domain’s certificates. I oriented myself on this tutorial: https://theforeman.org/2015/11/foreman-ssl.html
However, I fear that I made a mistake. The webpage is displaying correctly in Firefox, but now when I try to publish a new content view version I get the following error when clicking on save: `There was an issue with the backend service pulp: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)`
One difference from the above-mentioned tutorial is that changing the SSL settings in 05-foreman-ssl.conf did not have any effect. I had to change them in a file called 03-crane.conf.
I’ve changed the settings in 03-crane.conf as follows:
```
SSLCertificateFile "/etc/pki/katello/certs/STAR_md80_ch.crt"
SSLCertificateKeyFile "/etc/pki/katello/certs/star_md80_ch.key"
SSLCertificateChainFile "/etc/pki/katello/certs/SSL_COM_RSA_SSL_SUBCA.crt"
```
Error shown in the About page:
#### Backend System Status
|Component|Status|Message|
| --- | --- | --- |
|candlepin|OK||
|candlepin_auth|OK||
|foreman_tasks|OK||
|pulp|FAIL|SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)|
|pulp_auth|FAIL|Skipped pulp_auth check after failed pulp check|
I’ve seen this warning in the documentation above:
> It is important that you do not change `SSLCACertificateFile` or `SSLCARevocationFile`, as these are used for client authentication

That is probably where I made a mistake. I tried to revert the setting to:
```
SSLCertificateChainFile "/etc/pki/katello/certs/katello-default-ca.crt"
```
and restarted httpd, but there was no change in behaviour.
Foreman and Proxy versions:
Foreman 1.20.1
Katello 3.10.0
Foreman and Proxy plugin versions:
Other relevant data:
In /var/log/httpd/foreman-ssl_error_ssl.log I only see:
```
[Fri Feb 22 09:45:34.690914 2019] [ssl:error] [pid 10103] [client 192.168.178.22:57598] AH02039: Certificate Verification: Error (19): self signed certificate in certificate chain
```
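
The two messages quoted in this post are OpenSSL chain-verification results: error 20 (unable to get local issuer certificate) means the verifier could not find the issuer of a certificate in its trust store, and error 19 (self signed certificate in certificate chain) means the chain ends in a self-signed root that the verifier does not trust. The script below is an added example, not part of the original post; it reproduces both results with a constructed throwaway PKI (the names `rootA`, `rootB`, `int`, `leaf` and the helper functions are hypothetical).

```shell
#!/bin/sh
# Constructed throwaway PKI in a temp dir: rootA -> int -> leaf, plus unrelated rootB.
d=$(mktemp -d)
cat > "$d/cfg" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF

# new_root NAME: self-signed root CA written to $d/NAME.crt and $d/NAME.key
new_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/cfg" \
    -subj "/CN=$1" -keyout "$d/$1.key" -out "$d/$1.crt" >/dev/null 2>&1
}
# new_cert NAME ISSUER SECTION: NAME signed by ISSUER, extensions from cfg SECTION
new_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" -subj "/CN=$1" \
    -keyout "$d/$1.key" -out "$d/$1.csr" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$d/$1.csr" -CA "$d/$2.crt" -CAkey "$d/$2.key" \
    -set_serial 1 -days 1 -extfile "$d/cfg" -extensions "$3" \
    -out "$d/$1.crt" >/dev/null 2>&1
}
# verify_code TRUSTED UNTRUSTED LEAF: prints 0 if LEAF verifies against TRUSTED
# (UNTRUSTED = chain file sent by the server), else the OpenSSL verify error number.
verify_code() {
  out=$(openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1) || true
  code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  case "$out" in *": OK"*) echo "${code:-0}" ;; *) echo "${code:-failed}" ;; esac
}

new_root rootA && new_root rootB
new_cert int rootA v3_ca && new_cert leaf int leaf
cat "$d/int.crt" "$d/rootA.crt" > "$d/int_and_root.pem"

echo "trust store has the issuing root:   $(verify_code "$d/rootA.crt" "$d/int.crt" "$d/leaf.crt")"
echo "trust store lacks the issuing root: $(verify_code "$d/rootB.crt" "$d/int.crt" "$d/leaf.crt")"
echo "untrusted root sent in the chain:   $(verify_code "$d/rootB.crt" "$d/int_and_root.pem" "$d/leaf.crt")"
```

The same `verify_code` call can be pointed at real files, with the CA bundle the failing client trusts as the first argument and the configured `SSLCertificateChainFile` and `SSLCertificateFile` as the second and third.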