Skip to content

Custom SSL certificate process for Capsules clarification#3940

Draft
rh-max wants to merge 1 commit intotheforeman:masterfrom
rh-max:custom-ssl-cert
Draft

Custom SSL certificate process for Capsules clarification#3940
rh-max wants to merge 1 commit intotheforeman:masterfrom
rh-max:custom-ssl-cert

Conversation

@rh-max
Copy link
Contributor

@rh-max rh-max commented Jun 18, 2025

What changes are you introducing?

Procedure clarifications for SSL certs for Capsules.

Why are you introducing these changes? (Explanation, links to references, issues, etc.)

https://issues.redhat.com/browse/SAT-22614

Anything else to add? (Considerations, potential downsides, alternative solutions you have explored, etc.)

Checklists

  • I am okay with my commits getting squashed when you merge this PR.
  • I am familiar with the contributing guidelines.

Please cherry-pick my commits into:

  • Foreman 3.15/Katello 4.17
  • Foreman 3.14/Katello 4.16 (Satellite 6.17)
  • Foreman 3.13/Katello 4.15 (EL9 only)
  • Foreman 3.12/Katello 4.14 (Satellite 6.16; orcharhino 7.2 on EL9 only)
  • Foreman 3.11/Katello 4.13 (orcharhino 6.11 on EL8 only; orcharhino 7.0 on EL8+EL9; orcharhino 7.1 with Leapp)
  • Foreman 3.10/Katello 4.12
  • Foreman 3.9/Katello 4.11 (Satellite 6.15; orcharhino 6.8/6.9/6.10)
  • We do not accept PRs for Foreman older than 3.9.

@github-actions github-actions bot added Needs tech review Requires a review from the technical perspective Needs style review Requires a review from docs style/grammar perspective Needs testing Requires functional testing labels Jun 18, 2025
@github-actions
Copy link

github-actions bot commented Jun 18, 2025

The PR preview for 825706c is available at theforeman-foreman-documentation-preview-pr-3940.surge.sh

The following output files are affected by this PR:

show diff

show diff as HTML

Lennonka
Lennonka requested changes Jun 23, 2025
View reviewed changes
Copy link
Contributor

@Lennonka Lennonka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small suggestions

guides/common/modules/proc_deploying-a-custom-ssl-certificate-to-smart-proxy-server.adoc

[NOTE]
====
Once you have obtained the server certificate, private key, and CA chain from the Certificate Authority (CA) for each {SmartProxyServer}, organize these files into separate directories named after each {SmartProxyServer} on your {ProjectServer}.
Copy link
Contributor

@Lennonka Lennonka Jun 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Once you have obtained the server certificate, private key, and CA chain from the Certificate Authority (CA) for each {SmartProxyServer}, organize these files into separate directories named after each {SmartProxyServer} on your {ProjectServer}.
Once you have obtained the server certificate, private key, and CA chain from the Certificate Authority (CA) for each {SmartProxyServer}, organize these files into separate directories on your {ProjectServer}.
Name the directories after each {SmartProxyServer}.

For better clarity

guides/common/modules/proc_creating-a-custom-ssl-certificate.adoc
ifeval::["{context}" == "{smart-proxy-context}"]
On {ProjectServer}, create a custom certificate for your {ProductName}.
If you already have a custom SSL certificate for {ProductName}, skip this procedure.
On {ProjectServer}, you must generate a unique private key and Certificate Signing Request (CSR) for each {ProductName} that you want to secure with a custom SSL certificate.
Copy link
Contributor

@Lennonka Lennonka Jun 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
On {ProjectServer}, you must generate a unique private key and Certificate Signing Request (CSR) for each {ProductName} that you want to secure with a custom SSL certificate.
On {ProjectServer}, generate a unique private key and Certificate Signing Request (CSR) for each {ProductName} that you want to secure with a custom SSL certificate.

Remove fluff

guides/common/modules/proc_creating-a-custom-ssl-certificate.adoc
Comment on lines +11 to +12

Use this procedure for each {ProductName} that requires a custom SSL certificate.
Copy link
Contributor

@Lennonka Lennonka Jun 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Use this procedure for each {ProductName} that requires a custom SSL certificate.

I think that this is an unnecessary repetition.

@pr-processor pr-processor bot added Waiting on contributor Requires an action from the author and removed Not yet reviewed labels Jun 23, 2025
@maximiliankolb
Copy link
Contributor

maximiliankolb commented Jul 10, 2025

triage: @rh-max Please ping someone for tech review & apply Lena's suggestions.

@aneta-petrova aneta-petrova marked this pull request as draft September 11, 2025 11:58
@aneta-petrova
Copy link
Member

aneta-petrova commented Sep 11, 2025

Moving to draft while we look for a new owner.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Lennonka Lennonka Lennonka requested changes

Assignees

No one assigned

Labels

Needs style review Requires a review from docs style/grammar perspective Needs tech review Requires a review from the technical perspective Needs testing Requires functional testing Waiting on contributor Requires an action from the author

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rh-max @maximiliankolb @aneta-petrova @Lennonka