Our solution for this problem is simply to create a new ca.pem file, which is just a concat of our (internal AD ca) + (puppet ca). We deploy this new "foreman-web-ca" on both the foreman servers and puppetmasters, then reference it in foreman's httpd.conf and the puppetmaster's /etc/puppetlabs/puppet/foreman.yaml :ssl_ca parameter.
On Friday, December 2, 2016 at 8:27:53 AM UTC-5, Jason McMahan wrote: > > I know this is an older and revived thread, but was anyone able to get > this working? > We are using puppetca signed certs, but would like our web browser to be > from our internal AD ca so all our windows machines trust it. > We have followed articles at > https://theforeman.org/2015/11/foreman-ssl.html > https://alexshepherd.me/articles/changing-foremans-ssl-certificate > > https://flakrat.blogspot.com/2014/06/replace-foreman-self-signed-certificate.html > as well as this post. > > We make the changes but once completed we get an error unable to node, > communication is dead in the water to the foreman server but our web gui > works great. > > Any help is greatly appreciated. THank you > > > On Wednesday, March 16, 2016 at 10:42:06 PM UTC-5, Matt Cahill wrote: > >> Hi Marek, >> >> Thanks for that, it's definitely what I'm looking to do but unfortunately >> node.rb still fails after following those instructions. I think I'll open a >> ticket and see what happens. >> >> cheers >> >> Matt >> > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
