Re: [foreman-users] Web interface SSL Cert
Hi Michael, I'm facing a similar problem, *probably *after adding our internal AD CA to: /etc/pki/ca-trust/source/ anchors/ and run: update-ca-trust (to use LDAPS as authentication source for Web GUI). Now, from the Capsule server, command: /etc/puppet/node.rb myclient.mydomain.com doesn't work anymore: Error retrieving node myclient.mydomain.com: Net::HTTPPreconditionFailed (with obvious consequencies on all clients) I'm not sure if the real cause is that. Any help? -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Web interface SSL Cert
Hi Michael, I'm facing a similar problem, *probably *after adding our internal AD CA to: /etc/pki/ca-trust/source/anchors/ and run: update-ca-trust (to use LDAPS as authentication source for Web GUI). Now, from the Capsule server, command: /etc/puppet/node.rb myclient.mydomain.com doesn't work anymore: Error retrieving node myclient.mydomain.com: Net::HTTPPreconditionFailed (with obvious consequencies on all clients) I'm not sure if the real cause is that but I'm seeing now that, after stopping httpd on Satellite server, node.rb is working again :-D Any help? -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
Re: [foreman-users] Web interface SSL Cert
Our solution for this problem is simply to create a new ca.pem file, which is just a concat of our (internal AD ca) + (puppet ca). We deploy this new "foreman-web-ca" on both the foreman servers and puppetmasters, then reference it in foreman's httpd.conf and the puppetmaster's /etc/puppetlabs/puppet/foreman.yaml :ssl_ca parameter. On Friday, December 2, 2016 at 8:27:53 AM UTC-5, Jason McMahan wrote: > > I know this is an older and revived thread, but was anyone able to get > this working? > We are using puppetca signed certs, but would like our web browser to be > from our internal AD ca so all our windows machines trust it. > We have followed articles at > https://theforeman.org/2015/11/foreman-ssl.html > https://alexshepherd.me/articles/changing-foremans-ssl-certificate > > https://flakrat.blogspot.com/2014/06/replace-foreman-self-signed-certificate.html > as well as this post. > > We make the changes but once completed we get an error unable to node, > communication is dead in the water to the foreman server but our web gui > works great. > > Any help is greatly appreciated. THank you > > > On Wednesday, March 16, 2016 at 10:42:06 PM UTC-5, Matt Cahill wrote: > >> Hi Marek, >> >> Thanks for that, it's definitely what I'm looking to do but unfortunately >> node.rb still fails after following those instructions. I think I'll open a >> ticket and see what happens. >> >> cheers >> >> Matt >> > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
