Using custom certs?

I’ve rebuilt my ansible server, switching from nightly to the latest stable.

I’d like to add a cert signed by my intermediary CA to the mix and have followed this guide, which is quite dated: Foreman :: Replacing Foreman's web SSL certificate.

The problems I’m encountering are:

  • Pulp stalls indefinitely
  • Hammer throws errors unless I instruct it to ignore cert validity
  • Proxy service throws various errors

The web service is using the correct cert, though, and I’m able to connect to the web console without issue. The backend services, however, are struggling as mentioned above.

I’ve generated 3 files:

  • /etc/pki/foreman/foreman-ssl.key (RSA 2048 Private Key)
  • /etc/pki/foreman/fforeman-ssl.cer (Cert signed by the intermediate CA)
  • /etc/pki/foreman/fforeman-ssl-keychan.crt (Merged copy of the .PEM cert for my Root and Intermediate, signing CA. The Intermediate CA’s cert is placed after the Root one)

/etc/pki/foreman/ 700
/etc/pki/foreman/* 600

I’ve updated the appropriate references in

  • /etc/foreman-proxy/settings.yaml
  • /etc/foreman/settings.yaml
  • /etc/hammer/cli_config.yml (Not in guide but found I had to adjust it to :verify_ssl: false, as it seems to ignore :ssl_ca_file:)

Is there perhaps a more up-to-date guide I can reference? That one is very old now and didn’t mention things such as the hammer config.

Running AlmaLinux 8.5 (RHEL Clone)

I am assuming you have a Katello install (based on the mention of Pulp). To install or update an installation with custom certificates, you need to read the Katello documentation around this; here is a link to the current stable release:

https://docs.theforeman.org/3.2/Installing_Server/index-katello.html#Configuring_Server_with_a_Custom_SSL_Certificate_foreman

I’ll start there! Thanks
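
The three files listed in the question (private key, server certificate, CA bundle) can be checked for consistency with openssl before any service is pointed at them. The script below is an added example, not part of the thread or of Foreman/Katello tooling; its function names are hypothetical and it assumes OpenSSL 1.1.0 or newer on the PATH.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a private key,
# server certificate and CA bundle. Function names are hypothetical.
# Assumes OpenSSL 1.1.0+ on PATH.

# 0 if KEY has no group/other permission bits (e.g. mode 600 or 400).
private_perms_ok() {            # usage: private_perms_ok KEY
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# 0 if KEY and CERT carry the same public key; 2 if either cannot be parsed.
key_matches_cert() {            # usage: key_matches_cert KEY CERT
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# 0 if CERT verifies using only the CAs in BUNDLE; the system trust
# directory is excluded so a missing intermediate is not masked.
cert_chains_to_bundle() {       # usage: cert_chains_to_bundle CERT BUNDLE
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# Print the number of PEM certificates in BUNDLE.
bundle_cert_count() {           # usage: bundle_cert_count BUNDLE
    grep -c 'BEGIN CERTIFICATE' "$1"
}

# Run every check, report failures, return the number of failed checks.
check_triple() {                # usage: check_triple KEY CERT BUNDLE
    fails=0
    private_perms_ok "$1" || { echo "FAIL: $1 is accessible to group/other"; fails=$((fails + 1)); }
    key_matches_cert "$1" "$2" || { echo "FAIL: $1 does not match $2"; fails=$((fails + 1)); }
    cert_chains_to_bundle "$2" "$3" || { echo "FAIL: $2 does not verify against $3"; fails=$((fails + 1)); }
    echo "bundle certificates: $(bundle_cert_count "$3"); failed checks: $fails"
    return "$fails"
}

# Stand-alone use: sh check_certs.sh KEY CERT BUNDLE
if [ "$#" -eq 3 ]; then
    check_triple "$@"
fi
```

A non-zero exit status from `check_triple` is the number of checks that failed; each failure is named on its own line.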