Update SSL for Web interface

Would it be possible to get some official documentation or guidance on how to update the SSL certificate used for the Foreman user interface? I’ve seen multiple discussions on this topic on this forum, but no definitive answers:

This seems like something that would be a common need. I’ve been playing with 1.16, but we’d really like to use our own SSL certificate for the user interface.


1 Like

i was really hoping for an answer – is there any documentation I’m missing, that’s up to date? This seems like a pretty basic thing – being able to have a foreman site that doesn’t produce certificate errors.

I have the same problem, just trying to replace web SSL certificate but every possible solution on the web breaks something.
Could someone please help us here. Ty

I’m still stuck on this. All my browsers fail to connect, giving some variation of the error, “Because this site uses HTTP Strict Transport Security, you can’t continue to this site at this time”. Help! Doesn’t seem like this should be this difficult.

Just to replace the SSL certs you can use --foreman-server-ssl-cert, --foreman-server-ssl-key and --foreman-server-ssl-chain. The problem is that now your proxies need to check for a different CA and I don’t know the configuration to change that off the top of my head.

That’s the issue though – what are the steps I need to do to make it work as expected?

So I even tried with completely fresh server following this link but still can’t get it working with certificates. Now my web ssl is ok but when I tried to go to content host it gives me this error:
Oops, we’re sorry but something went wrong hostname “foreman server” does not match the server certificate

I was able to make only one of them work - either the web interface or the proxies, couldn’t figure out a way to make both work with SSL…