It's works, but after couple of weeks I have some problems:


1. When I opened  foreman URL, web browser asked me for user certifcate for 
authentification. When I clicked cancel, a could normaly log in. 

It isn't a big problem, but i'm corious why it's happening. 


2. When i restarted service puppetserver, autosign certifcates became 
untrusted, and I had to cleaned certifcates on agent, and manual signed it 
by forman GUI.

It's a bigger problem :) 


W dniu środa, 21 września 2016 09:29:23 UTC+2 użytkownik woj woj napisał:
>
> It works.
> Thank you very much! 
>
> W dniu wtorek, 20 września 2016 18:54:48 UTC+2 użytkownik Edward Berger 
> napisał:
>>
>>
>> I know there's some SElinux magic, but if you have disabled SELinux you 
>> can try a command line like
>> this to install a new web certificate, key, and chain (intermediate 
>> certificates) and keep the puppet part working...
>>
>> foreman-installer \
>> --foreman-server-ssl-key=/etc/pki/tls/private/foreman.example.com.key \
>> --puppet-server-foreman=true \
>> --foreman-server-ssl-cert=/etc/pki/tls/certs/foreman.example.com.crt \
>> --foreman-server-ssl-chain=/etc/pki/tls/certs/cachain.crt \
>> --foreman-server-ssl-certs-dir=/etc/pki/tls/certs \
>> --foreman-websockets-encrypt=true \
>> --foreman-websockets-ssl-key=/etc/pki/tls/private/foreman.example.com.key 
>> \
>> --foreman-websockets-ssl-cert=/etc/pki/tls/certs/foreman.example.com.crt \
>> --puppet-server-foreman=true \
>> --puppet-server-foreman-ssl-ca=/etc/pki/tls/certs/cachain.crt \
>> --foreman-proxy-foreman-ssl-ca=/etc/pki/tls/certs/cachain.crt \
>> --foreman-foreman-url=https://foreman.example.com
>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Reply via email to