Replacing self-signed certificate with internal CA for Foreman Web UI is failing


Replacing the self-signed certificate in /etc/httpd/conf.d/05-foreman-ssl.conf with an internally signed cert, key and CA cert is causing the login page to serve “ERR_SSL_PROTOCOL_ERROR”. Client access entries in the http log also stop.

Expected outcome:

Trusted login to Web UI

Foreman and Proxy versions:


Distribution and version:

Rocky 8.8

Other relevant data:

I have searched inside and outside the forum for documentation on this and the most recent I can find is from 2019. The 3.7 manual is focused on using the Puppet CA. Is there a way to do this on version 3.7?

Here are the relevant lines I replaced in 05-foreman-ssl.conf:

  ## SSL directives
  SSLEngine on
  SSLCertificateFile      "/etc/pki/tls/certs/sample.domain.crt"
  SSLCertificateKeyFile   "/etc/pki/tls/private/sample.domain.key"
  SSLCertificateChainFile "/etc/pki/tls/certs/ca-bundle.crt"
  SSLVerifyClient         optional
  SSLVerifyDepth          3
  SSLCACertificateFile    "/etc/pki/tls/certs/ca-bundle.crt"
  SSLOptions +StdEnvVars +ExportCertData

Any advice is very appreciated
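
An offline consistency check for the three files named in the SSL directives above, as an added example that is not part of the original post: it confirms that the private key belongs to the certificate and that the certificate verifies against the CA file. The function name `check_tls_files` is hypothetical, and the check assumes PEM files, an unencrypted key, and a CA file that holds the full issuing chain; it does not diagnose the browser error itself.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the files referenced
# by SSLCertificateFile, SSLCertificateKeyFile and SSLCACertificateFile.

# Emit the PEM public key embedded in a certificate.
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Emit the PEM public key derived from a private key.
# "-passin pass:" makes an encrypted key fail instead of prompting.
pub_from_key() { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }

# check_tls_files CERT KEY CAFILE  (hypothetical helper name)
# Returns 0 only if every check passes; prints the first failure otherwise.
check_tls_files() {
    cert=$1 key=$2 ca=$3

    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    done

    cert_pub=$(pub_from_cert "$cert") ||
        { echo "FAIL: $cert is not a PEM certificate"; return 1; }
    key_pub=$(pub_from_key "$key") ||
        { echo "FAIL: $key is not a readable, unencrypted PEM private key"; return 1; }

    # A key/certificate pair is consistent when both yield the same public key.
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate"
        return 1
    fi

    # The certificate must chain to a CA contained in the CA file.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not verify against $ca"; return 1; }

    echo "OK: key matches certificate; certificate verifies against CA file"
}

# Usage with the paths from the configuration above:
#   check_tls_files /etc/pki/tls/certs/sample.domain.crt \
#                   /etc/pki/tls/private/sample.domain.key \
#                   /etc/pki/tls/certs/ca-bundle.crt
```

The script needs read access to the private key, so it has to run as a user that can read it.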