We created the new keys and certificates. After replacing the files in /var/lib/puppet/ssl/private_keys/server.pem and /var/lib/puppet/ssl/certs/server.pem The web interface is fine. However, the node.rb failed with the error: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket…

Thanks guys. m4c3 is right. Found that when I create the csr, I need to put “extendedKeyUsage = serverAuth, clientAuth” to make node.rb works.

TheForeman

Use custom SSL certificate

Support

puppet

ekohl October 19, 2018, 9:41am 4

Have a look at

Replacing self-signed certificates Support

Yes, I’ve been meaning to write a blog about this. I’ll leave placing the certificates in the right place as a users exercise (I used LetsEncrypt). You want to change the CA that’s used to verify as well. I was lazy and used the system CA bundle. You gain additional security against another CA issuing a cert by using the the exact certificate but IMHO that’s a very small chance and not a relevant attack vector for my personal infra. --foreman-server-ssl-cert /etc/letsencrypt/live/$HOSTNAME/cert…

show post in topic

Home
Categories
Guidelines
Terms of Service
Privacy Policy

Powered by Discourse, best viewed with JavaScript enabled