Skip to content

Custom SSL certificate process for Capsules clarification #3940

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Custom SSL certificate process for Capsules clarification #3940

wants to merge 1 commit into from

Conversation

rh-max
Copy link
Contributor

@rh-max rh-max commented Jun 18, 2025

What changes are you introducing?

Procedure clarifications for SSL certs for Capsules.

Why are you introducing these changes? (Explanation, links to references, issues, etc.)

https://issues.redhat.com/browse/SAT-22614

Anything else to add? (Considerations, potential downsides, alternative solutions you have explored, etc.)

Checklists

  • I am okay with my commits getting squashed when you merge this PR.
  • I am familiar with the contributing guidelines.

Please cherry-pick my commits into:

  • Foreman 3.15/Katello 4.17
  • Foreman 3.14/Katello 4.16 (Satellite 6.17)
  • Foreman 3.13/Katello 4.15 (EL9 only)
  • Foreman 3.12/Katello 4.14 (Satellite 6.16; orcharhino 7.2 on EL9 only)
  • Foreman 3.11/Katello 4.13 (orcharhino 6.11 on EL8 only; orcharhino 7.0 on EL8+EL9; orcharhino 7.1 with Leapp)
  • Foreman 3.10/Katello 4.12
  • Foreman 3.9/Katello 4.11 (Satellite 6.15; orcharhino 6.8/6.9/6.10)
  • We do not accept PRs for Foreman older than 3.9.

@github-actions github-actions bot added Needs tech review Requires a review from the technical perspective Needs style review Requires a review from docs style/grammar perspective Needs testing Requires functional testing labels Jun 18, 2025
@github-actions GitHub Actions
Copy link

The PR preview for 825706c is available at theforeman-foreman-documentation-preview-pr-3940.surge.sh

The following output files are affected by this PR:

show diff

show diff as HTML

Lennonka
Lennonka requested changes Jun 23, 2025
View reviewed changes
Copy link
Contributor

@Lennonka Lennonka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small suggestions

guides/common/modules/proc_deploying-a-custom-ssl-certificate-to-smart-proxy-server.adoc

[NOTE]
====
Once you have obtained the server certificate, private key, and CA chain from the Certificate Authority (CA) for each {SmartProxyServer}, organize these files into separate directories named after each {SmartProxyServer} on your {ProjectServer}.
Copy link
Contributor

@Lennonka Lennonka Jun 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Once you have obtained the server certificate, private key, and CA chain from the Certificate Authority (CA) for each {SmartProxyServer}, organize these files into separate directories named after each {SmartProxyServer} on your {ProjectServer}.
Once you have obtained the server certificate, private key, and CA chain from the Certificate Authority (CA) for each {SmartProxyServer}, organize these files into separate directories on your {ProjectServer}.
Name the directories after each {SmartProxyServer}.

For better clarity

guides/common/modules/proc_creating-a-custom-ssl-certificate.adoc
ifeval::["{context}" == "{smart-proxy-context}"]
On {ProjectServer}, create a custom certificate for your {ProductName}.
If you already have a custom SSL certificate for {ProductName}, skip this procedure.
On {ProjectServer}, you must generate a unique private key and Certificate Signing Request (CSR) for each {ProductName} that you want to secure with a custom SSL certificate.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
On {ProjectServer}, you must generate a unique private key and Certificate Signing Request (CSR) for each {ProductName} that you want to secure with a custom SSL certificate.
On {ProjectServer}, generate a unique private key and Certificate Signing Request (CSR) for each {ProductName} that you want to secure with a custom SSL certificate.

Remove fluff

guides/common/modules/proc_creating-a-custom-ssl-certificate.adoc
Comment on lines +11 to +12

Use this procedure for each {ProductName} that requires a custom SSL certificate.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Use this procedure for each {ProductName} that requires a custom SSL certificate.

I think that this is an unnecessary repetition.

@pr-processor pr-processor bot added Waiting on contributor Requires an action from the author and removed Not yet reviewed labels Jun 23, 2025
@maximiliankolb
Copy link
Contributor

triage: @rh-max Please ping someone for tech review & apply Lena's suggestions.

@aneta-petrova aneta-petrova marked this pull request as draft September 11, 2025 11:58
@aneta-petrova
Copy link
Member

Moving to draft while we look for a new owner.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Lennonka Lennonka Lennonka requested changes

Assignees
No one assigned
Labels
Needs style review Requires a review from docs style/grammar perspective Needs tech review Requires a review from the technical perspective Needs testing Requires functional testing Waiting on contributor Requires an action from the author
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rh-max @maximiliankolb @aneta-petrova @Lennonka