Project

General

Profile

Actions
Copy link

Bug #8372

closed

Make puppet ssl certificate+key that is used to authenticate against foreman available to the smart-proxy

Added by Martin Milata over 9 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ivan Necas
Category:
Installer
Target version:
Katello 2.2
Difficulty:
Triaged:
Yes
Bugzilla link:
1180051
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

The smart-proxy-abrt (and possibly other plugins, like openscap) needs to send HTTP requests to Foreman, and for that it needs to be SSL-authenticated. However the cert+key in /etc/foreman-proxy/ssl_{cert,key}.pem cannot be used because it is designated as a server certificate and Apache rejects it when it is used for client authentication.

We can reuse the cert+key pair in /etc/puppet, however smart-proxy currently does not have the permissions to access the private key.

1) Can you copy /etc/puppet/{client_cert,client_key,ssl_ca.pem} to /etc/foreman-proxy with permissions so that smart-proxy can read them? (On my system /etc/puppet/ssl_ca.pem is the same as /etc/foreman-proxy/ssl_ca.pem so no need to have it twice if it's always the case)

2) Can you then assign the paths to the files to foreman_ssl_cert, foreman_ssl_key, and foreman_ssl_ca in /etc/foreman-proxy/settings.yml?

Related issues 1 (0 open1 closed)

Related to Installer - Bug #7833: Deploy foreman_url setting for proxy configurationClosed10/07/2014Actions
Actions
Copy link

Also available in: Atom PDF