Using the following two websites loosely as a guide I was able to get katello/foreman to use the original self signed ssl certs.
https://access.redhat.com/solutions/1311844 http://mariopang.blogspot.com/2015/05/reset-from-custom-certs-to-self-signed.html 1. ran the following to remove old certs. [root@satellite ~]# for i in $(ls /etc/pki/katello-certs-tools/certs/*); do rpm -qf $i >> /tmp/pkgs done yum remove `cat /tmp/pkgs | sort | uniq` -y [root@satellite ~]# find /etc/pki/katello-certs-tools/* -type f -exec rm -f {} \; && rm -f /tmp/pkgs 2. then I searched for any cert/key/csr that started with the servers fqdn in the /etc/pki directory. Also searched for any file named comodo* in the same. I removed all 3. removed /etc/pki/katello/certs/java-client.crt 4. edited /etc/foreman-installer/scenarios.d/katello-answers.yaml and removed all but the following from the certs: section. certs: generate: true deploy: true group: foreman 5. Ran the foreman-installer to fix things up (recreate/configure self signed certs) foreman-installer --scenario katello --certs-update-server 6. rebooted the server (didn't want to mess with figuring out what actually needed to be restarted) I did have to clear all browser cache data since foreman is setup to use hsts so that old info needed to be purged. Now I'm connecting securely yet insecurely. Now to see if upgrading to 3.3 will brake now. -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
