I did eventually get this working.

https://theforeman.org/2015/11/foreman-ssl.html
https://alexshepherd.me/articles/changing-foremans-ssl-certificate

The specific problem I had all along was that I was supplied an intermediate cert chain without the root CA (as mentioned by alex shepherd). Concatenating their intermediate and the root CA into one pem and referencing that in /etc/puppetlabs/puppet/foreman.yaml for :ssl_ca: fixed the problem.

Installing via puppet:

    foreman::ssl: true
    puppet::server_foreman_ssl_ca: '/etc/pki/tls/certs/cachain_with_root.pem'
    puppet::server_foreman_url: 'https://puppet.example.com'
    foreman::server_ssl_key: '/etc/pki/tls/private/puppet.example.com.key'
    foreman::server_ssl_cert: '/etc/pki/tls/certs/puppet.example.com.crt'
    foreman::server_ssl_chain: '/etc/pki/tls/certs/cachain_with_root.pem'
    foreman::servername: 'puppet.example.com'
    foreman::foreman_url: 'https://puppet.example.com'
    foreman::websockets_ssl_key: '/etc/pki/tls/private/puppet.example.key'
    foreman::websockets_ssl_cert: '/etc/pki/tls/certs/puppet.example.crt'

or with foreman-installer options

    foreman-installer --foreman-ssl \
      --puppet-server-foreman-ssl-ca '/etc/pki/tls/certs/cachain_with_root.pem' \
      --puppet-server-foreman-url 'https://puppet.example.com' \
      --foreman-server-ssl-key '/etc/pki/tls/private/puppet.example.com.key' \
      --foreman-server-ssl-cert '/etc/pki/tls/certs/puppet.example.com.crt' \
      --foreman-server-ssl-chain '/etc/pki/tls/certs/cachain_with_root.pem' \
      --foreman-servername 'puppet.example.com' \
      --foreman-foreman-url 'https://puppet.example.com' \
      --foreman-websockets-ssl-key '/etc/pki/tls/private/puppet.example.key' \
      --foreman-websockets-ssl-cert '/etc/pki/tls/certs/puppet.example.crt'

cheers
Matt
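
A check for the failure described in the message above (a CA bundle that stops at the intermediate), added here as an example and not part of the original post or of Foreman. The function names are hypothetical; it assumes the `openssl` CLI (1.1.0 or later, for `-no-CApath`) and takes the bundle and server certificate paths as arguments.

```shell
#!/bin/sh
# Added example: sanity-check a CA bundle before referencing it as :ssl_ca:.

# Print the "subject=" / "issuer=" line pair for every certificate in a bundle.
bundle_names() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Succeed if the bundle holds a self-issued certificate (subject == issuer),
# i.e. a root CA. This compares names only; it does not check the signature.
bundle_has_root() {
    bundle_names "$1" | awk '
        /^subject=/ { s = substr($0, 9) }
        /^issuer=/  { if (substr($0, 8) == s) found = 1 }
        END         { exit !found }'
}

# Succeed if the certificate verifies using ONLY the bundle. -no-CApath keeps
# the system trust directory from silently supplying a root the bundle lacks.
verify_with_bundle() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Combined check: report which of the two conditions failed.
check_bundle() {
    bundle=$1
    cert=$2
    if ! bundle_has_root "$bundle"; then
        echo "FAIL: no root CA in $bundle (intermediate-only chain)"
        return 1
    fi
    if ! verify_with_bundle "$bundle" "$cert"; then
        echo "FAIL: $cert does not verify against $bundle"
        return 1
    fi
    echo "OK: $bundle contains a root and verifies $cert"
}

# Run the check only when called as: script <bundle.pem> <server.crt>
if [ "$#" -eq 2 ]; then
    check_bundle "$1" "$2"
fi
```

With the paths from the message, the two arguments would be /etc/pki/tls/certs/cachain_with_root.pem and /etc/pki/tls/certs/puppet.example.com.crt.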
