Renew Foreman/Katello SSL certificate

hass · April 17, 2024, 4:21pm

Problem:
I need to renew SSL certificates on Foreman due to expiry.

Expected outcome:
Foreman working with new certs

Foreman and Proxy versions:
Foreman 3.9 & Katello 4.11. all in one setup.

Foreman and Proxy plugin versions:
Foreman 3.9 & Katello 4.11

Distribution and version:
Rocky 8.9

Other relevant data:
Hi

I need to replace the SSL certificates on the current working Foreman setup. The certs are going to expire and I want to add another name to be accepted to the ssl cert. I don’t want to change the file name or the CA or anything else.

My question is after I replace the certificate and key, is restarting the foreman via foreman-maintain is enough for new certs to be picked up or should I run foreman-installer just like I did during the installation?

Thanks

gvde · April 17, 2024, 5:55pm

You should follow the docs Renewing a SSL certificate on Foreman server

hass · April 18, 2024, 9:07am

Thank you for replying @gvde
I don’t know how I missed that. I think I was just looking in the forum and couldn’t find anything.

Another question on this. When my setup is all-in-one, do I still need to run process for updating the certs on Foreman server and on Smart proxy separately, like it’s mentioned in the guide?

hass · April 18, 2024, 4:14pm

never mind. didn’t need to run the smart proxy stuff.