willt · February 10, 2017 19:34 · Feb 10, 2017
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,156 @@
+I believe everything is working with a custom ssl certificate using the below config.
+I did a normal install then changed the config files. I would still like to find out how to specify all
+of this in the installer/answer files.
+Wildcard cert purchased from comodo: star.example.com.crt, star.example.com.key
+CA Bundle from comodo: ca-bundle-comodo.crt are 
+
+On foreman server:
+/etc/httpd.conf/05-foreman-ssl.conf
+  SSLCertificateFile      "/etc/pki/tls/certs/star.example.com.crt"
+  SSLCertificateChainFile "/etc/pki/tls/certs/ca-bundle-comodo.crt"
+  SSLCertificateKeyFile   "/etc/pki/tls/private/star.example.com.key"
+  SSLCACertificateFile    "/etc/pki/tls/cert.pem"
+
+/etc/httpd.conf/03-crange.conf
+  # had to change servername to localhost to get the right ssl cert in the browser. otherwise the private one would still load
+  ServerName localhost 
+  SSLCertificateFile      "/etc/pki/katello/certs/katello-apache.crt"
+  SSLCertificateKeyFile   "/etc/pki/katello/private/katello-apache.key"
+  SSLCertificateChainFile "/etc/pki/katello/certs/katello-default-ca.crt"
+  SSLCACertificatePath    "/etc/pki/tls/certs"
+  SSLCACertificateFile    "/etc/pki/tls/cert.pem"
+
+
+/etc/puppetlabs/puppet/foreman.yaml
+:ssl_ca: "/etc/pki/tls/cert.pem"
+:ssl_cert: "/etc/pki/tls/certs/star.example.com.crt"
+:ssl_key: "/etc/pki/tls/private/star.example.com.key"
+
+/etc/foreman/settings.yaml
+# webosckets should probably be changed to custom cert location to match apache
+:websockets_ssl_key: /etc/pki/katello/private/katello-apache.key
+:websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt
+:ssl_certificate: /etc/foreman/client_cert.pem
+:ssl_ca_file:  /etc/pki/tls/cert.pem  
+:ssl_priv_key: /etc/foreman/client_key.pem
+# md5sum /etc/foreman/*.pem
+9450a1d8dfd239efe3d31916f1eeec8d  client_cert.pem
+67231dd8eb9d737108383fa9ad444861  client_key.pem
+bd85d8897c8fda210fc24ef915de709b  proxy_ca.pem
+
+/etc/foreman-proxy/settings.yml
+:ssl_ca_file:  /etc/pki/tls/cert.pem 
+:ssl_certificate: /etc/foreman-proxy/ssl_cert.pem
+:ssl_private_key: /etc/foreman-proxy/ssl_key.pem
+:foreman_ssl_ca: /etc/pki/tls/cert.pem
+:foreman_ssl_cert: /etc/foreman-proxy/foreman_ssl_cert.pem
+:foreman_ssl_key: /etc/foreman-proxy/foreman_ssl_key.pem
+/etc/foreman-proxy
+# md5sum *.pem                               
+bd85d8897c8fda210fc24ef915de709b  foreman_ssl_ca.pem
+2bab97e02fbc49bef2f9a4968f2875f9  foreman_ssl_cert.pem
+4e9cfb1eb259ed84596f8b1d46a7524b  foreman_ssl_key.pem
+bd85d8897c8fda210fc24ef915de709b  ssl_ca.pem
+6a161d72396f80dd149c3d09e3710cf5  ssl_cert.pem
+eb308439eaf0a1df7daa4bb913721226  ssl_key.pem
+
+
+/etc/qpid-dispatch/qdrouterd.conf
+ssl-profile {
+    name: client
+    cert-db:  /etc/pki/tls/cert.pem  
+    cert-file: /etc/pki/katello/qpid_router_client.crt
+    key-file: /etc/pki/katello/qpid_router_client.key
+}
+
+ssl-profile {
+    name: server
+    cert-db:  /etc/pki/tls/cert.pem  
+    cert-file: /etc/pki/katello/qpid_router_server.crt
+    key-file: /etc/pki/katello/qpid_router_server.key
+}
+
+
+/etc/pulp/server.conf
+[security]
+cacert: /etc/pki/pulp/ca.crt
+[messaging]
+cacert:  /etc/pki/tls/cert.pem
+[tasks]
+cacert: /etc/pki/katello/certs/katello-default-ca.crt
+
+
+ca-bundle-comodo.crt is the bundle from the ssl provider
+copied ca-bundle-comodo.crt to /etc/pki/ca-trust/source/anchors/
+update-ca-trust && update-ca-trust extract
+# ls -la /etc/pki/ca-trust/source/anchors/
+-rw-r--r--. 1 root root 5626 Feb  9 11:15 ca-bundle-comodo.crt
+-rw-r--r--. 1 root root 5373 Feb  8 14:39 katello-server-ca.pem
+-rw-r--r--. 1 root root 5373 Feb  8 09:14 katello_server-host-cert.crt
+# md5sum  *
+d6043ae416229f1641e083a1d586b6c7  ca-bundle-comodo.crt
+bd85d8897c8fda210fc24ef915de709b  katello-server-ca.pem
+bd85d8897c8fda210fc24ef915de709b  katello_server-host-cert.crt
+
+For reference:
+/etc/pki/katello
+# md5sum *.crt *.key
+ee44a087b3a2abaaffa5c602a22054c6  qpid_client_striped.crt
+e8dc50547691dcb417c84fe29fb877ed  qpid_router_client.crt
+e7fb25a56203eb98815479f8868c4612  qpid_router_server.crt
+3c54fae87115bfdd770ded28fab47b8a  qpid_router_client.key
+75431cf12d912e9fced488b90e45fc25  qpid_router_server.key
+
+/etc/pki/katello/private
+# md5sum  *
+4463248fbd716d103af59f05adfdc1d2  foreman.example.com-foreman-proxy-client-bundle.pem
+6530f601cf20c23db30fe974ea648fc2  foreman.example.com-qpid-broker.key
+49248873bbb45f6e65b529bb4de795a5  java-client.key
+659e7b068ecf84f6a1aec700a38fa3f9  katello-apache.key
+dfb58f098ac0fcab2ae2ec271ec03128  katello-default-ca.key
+d3a0a04e42e2193e351e54a9550f3809  katello-default-ca.pwd
+fbf25b330b954e933418a64864129bb5  pulp-client.key
+
+/etc/pki/katello/certs
+# md5sum  *
+df3f0f7a720520e3ba1d73f135a6d13d  foreman.example.com-qpid-broker.crt
+299f06f5c43538974ca45c25c9e2b63e  java-client.crt
+ea632d9176ac6f16a5bf67127bab773c  katello-apache.crt
+bd85d8897c8fda210fc24ef915de709b  katello-default-ca.crt
+88f32f5814f834570cda035e5cd59ae5  katello-default-ca-stripped.crt
+bd85d8897c8fda210fc24ef915de709b  katello-server-ca.crt
+
+/etc/pki/katello-certs-tools/certs
+# md5sum *.crt
+ea632d9176ac6f16a5bf67127bab773c  foreman.example.com-apache.crt
+9450a1d8dfd239efe3d31916f1eeec8d  foreman.example.com-foreman-client.crt
+2bab97e02fbc49bef2f9a4968f2875f9  foreman.example.com-foreman-proxy-client.crt
+6a161d72396f80dd149c3d09e3710cf5  foreman.example.com-foreman-proxy.crt
+883ffc9d8caeef9547ef3da1f579daf4  foreman.example.com-puppet-client.crt
+df3f0f7a720520e3ba1d73f135a6d13d  foreman.example.com-qpid-broker.crt
+67b0f50ae0b15b3237b838ae75515d39  foreman.example.com-qpid-client-cert.crt
+e8dc50547691dcb417c84fe29fb877ed  foreman.example.com-qpid-router-client.crt
+e7fb25a56203eb98815479f8868c4612  foreman.example.com-qpid-router-server.crt
+299f06f5c43538974ca45c25c9e2b63e  java-client.crt
+bd85d8897c8fda210fc24ef915de709b  katello-default-ca.crt
+bd85d8897c8fda210fc24ef915de709b  katello-server-ca.crt
+fd12d69cbd5f20121acbb4e706883146  pulp-client.crt
+
+/etc/pki/katello-certs-tools/private
+# md5sum  *
+659e7b068ecf84f6a1aec700a38fa3f9  foreman.example.com-apache.key
+67231dd8eb9d737108383fa9ad444861  foreman.example.com-foreman-client.key
+4e9cfb1eb259ed84596f8b1d46a7524b  foreman.example.com-foreman-proxy-client.key
+eb308439eaf0a1df7daa4bb913721226  foreman.example.com-foreman-proxy.key
+edcce9176a46eafc00d8e488cdfb93ed  foreman.example.com-puppet-client.key
+6530f601cf20c23db30fe974ea648fc2  foreman.example.com-qpid-broker.key
+51b17bcbc85b1c7ed2c3c4ff13bb94e2  foreman.example.com-qpid-client-cert.key
+3c54fae87115bfdd770ded28fab47b8a  foreman.example.com-qpid-router-client.key
+75431cf12d912e9fced488b90e45fc25  foreman.example.com-qpid-router-server.key
+49248873bbb45f6e65b529bb4de795a5  java-client.key
+fbf25b330b954e933418a64864129bb5  pulp-client.key
+
+on clients:
+copy ca-bundle-comodo.crt to  /etc/rhsm/ca/comodo-ca.pem
+# Extension naming probably doesn't matter I just chose pem
+Would be nice if this was just part of the consumer rpm
No results found