In my production deployment I've noticed that katello can't talk to its own smart proxy, but can communicate with the capsules. I'm still trying to debug it, but I haven't had any success.
I think the root of the problem (and I mention it in the ticket) is the software is designed to assume two different CAs (katello-default-ca and katello-custom-ca)*, but default install is with the one CA, katello-default-ca. So logical errors like flipping the certs or their chains are not visible. Unfortunately the issue is back-logged for the time being. I would recommend anyone trying to do this in production to not bother at this time. * Maybe renaming to katello-internal-ca and katello-external-ca might be more meaningful? Or updating the katello connection diagram to state which certs should be where. -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
