In my production deployment I've noticed that katello can't talk to its own
smart proxy, but can communicate with the capsules. I'm still trying to
debug it, but I haven't had any success.
I think the root of the problem (and I mention it in the ticket) is the
software is designed to assume tw
That's a great summary, and it also highlights the other problem of
renewals, at least with let's encrypt certs. Since katello expects the root
to be included, it adds one more step to the process during cert renewals
because LE doesn't include the root in the cert. It only goes up to DST X3,
and y
Great, confirmation is a wonderful thing!
I've written a ticket regarding these issues which I've submitted. Let me
know if I missed anything.
http://projects.theforeman.org/issues/16620
On Monday, September 19, 2016 at 8:13:18 PM UTC-5, prasu...@gmail.com wrote:
>
> Hi Danny,
> Thanks! That wo
Hi Danny,
Thanks! That worked. Here's what I did:
cd /etc/foreman
cp proxy_ca.pem proxy_ca_bkp.pem
cp /root/ssl-build/katello-default-ca.crt ./proxy_ca.pem
Regards,
Prasun
On Mon, Sep 19, 2016 at 8:57 PM, Danny Kimsey wrote:
> Prasun Gera, I was working with jsherril on IRC earlier and might h
Prasun Gera, I was working with jsherril on IRC earlier and might have a
potential work-around.
On the foreman master, the /etc/foreman/proxy_ca.pem file likely has the
custom certificate chain, try swapping it out for your default-ca (the
internal self-signed). This appears to have addressed my i
Yes, I can confirm that foreman-proxy doesn't start with the same errors.
On Mon, Sep 19, 2016 at 1:25 PM, Danny Kimsey wrote:
>
> On Monday, September 19, 2016 at 6:25:04 AM UTC-5, prasu...@gmail.com
> wrote:
> This issue still exists for Katello 3.1. Without the workaround mentioned
> by Clara
On Monday, September 19, 2016 at 6:25:04 AM UTC-5, prasu...@gmail.com wrote:
This issue still exists for Katello 3.1. Without the workaround mentioned
by Claran, it's not possible to use custom SSL certificates for katello.
I too have run into this issue. Copying the default-ca into the system
This issue still exists for Katello 3.1. Without the workaround mentioned
by Claran, it's not possible to use custom SSL certificates for katello.
On Wed, Aug 17, 2016 at 10:40 AM, CiarĂ¡n Taog wrote:
> I was finally able to resolve this issue by performing the following.
>
> The default katello