On 10/11/2016 01:11 PM, Jorick Astrego wrote: > > Hi, > > We have freeipa attached to Katello/foreman and now I want to use the > certmonger ssl certificates for Katello/foreman/puppet. > > After reading several manuals, blogposts and other info (most of it is > a bit outdated); I found a solution that appears to work. The > webserver has a new certificate, but still it fails on candlepin. > > > qpid-config --ssl-certificate > /etc/pki/katello/certs/java-client.crt --ssl-key > /etc/pki/katello/private/java-client.key -b > 'amqps://<servername>:5671' add exchange topic event --durable > returned 1 instead of one of [0] > /Stage[main]/Certs::Candlepin/Exec[create candlepin qpid > exchange]/returns: change from notrun to 0 failed: qpid-config > --ssl-certificate /etc/pki/katello/certs/java-client.crt --ssl-key > /etc/pki/katello/private/java-client.key -b > 'amqps://deployen.netbulae.mgmt:5671' add exchange topic event > --durable returned 1 instead of one of [0] > > > Failed: ConnectError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert > unknown ca (_ssl.c:765) >
Found bug http://projects.theforeman.org/issues/15700 that's supposed to be fixed in 3.2. Will test it now. Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts ---------------- Tel: 053 20 30 270 [email protected] Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ---------------- -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
