Hi, to practice an upgrade operation of a rather unkempt installation of Foreman 1.12, I have copied the entire host over to a new machine, with a new host name and a new IP. To be able to log in, I replaced the certificate with a self-signed one which makes the browser happy.
However, this does not make Foreman happy. Configuring the new host name as a smart proxy failed: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features Judging from searching for this error message, Foreman does not like the certificate presented by the smart proxy. Dual-checking the Certificate with openssl s_client -connect=my.new.hostname.example:8443 shows that it actually returns the new self-signed cert. My guess is that Foreman wants to see a certificate from the Puppet CA. How do I generate one manually? I know about puppet cert list and puppet cert sign, but I am at a loss about how to make my certificate request show up in the list. Do I only need to dump the certificate request in a certain directory (which one?) with a file name matching a certain pattern (which one?), or do I also need to call a certain command (which one?)? Or is the recommended way to create the certificate just calling puppet ca generate? As never having done this, who creates the private key and the certificate request with puppet ca generate? The man page for puppet ca generate is a bit terse. I'd appreciate any help in doing this, while I know that what I am trying to do is really dirty, I am actually doing this to not having to do unpracticed things in production. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421 -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
