Problem:
Replacing the self-signed certificate in /etc/httpd/conf.d/05-foreman-ssl.conf with an internally signed cert, key and CA cert is causing the login page to serve “ERR_SSL_PROTOCOL_ERROR”. Client access entries in the http log also stop.
Expected outcome:
Trusted login to Web UI
Foreman and Proxy versions:
foreman-proxy-3.7.0-1
foreman-3.7.0-1
Distribution and version:
Rocky 8.8
Other relevant data:
I have searched inside and outside the forum for documentation on this and the most recent I can find is from 2019. The 3.7 manual is focused on using the Puppet CA. Is there a way to do this on version 3.7?
Here are the relevant lines I replaced in 05-foreman-ssl.conf:
## SSL directives
SSLEngine on
SSLCertificateFile "/etc/pki/tls/certs/sample.domain.crt"
SSLCertificateKeyFile "/etc/pki/tls/private/sample.domain.key"
SSLCertificateChainFile "/etc/pki/tls/certs/ca-bundle.crt"
SSLVerifyClient optional
SSLVerifyDepth 3
SSLCACertificateFile "/etc/pki/tls/certs/ca-bundle.crt"
SSLOptions +StdEnvVars +ExportCertData
Any advice is very much appreciated.