Skip to content

This is way out of date now

The information in this post is so out-dated that I wonder why I'm keeping it around. I guess I'm a digital hoarder...

Quick Background

While attempting to troubleshoot why my Foreman install stopped allowing me to log in via my LDAP server, which I still have not solved, I hit another issue. Apache would not start due to a certificate chain issue.

From the Logs

HTTPD Logs

[Thu Apr 02 23:45:04.653116 2015] [ssl:emerg] [pid 14354] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/httpd/foreman-ssl_error_ssl.log for more information

Foreman Logs (foreman-ssl_error_ssl.log)

AH01903: Failed to configure CA certificate chain!

Why it happened (I think...)

During the LDAP issue troubleshooting, I must have removed the puppet CA...

The Solution

Fixed it by doing the following (which was pulled from [Foreman Support

2435](http://projects.theforeman.org/issues/2435)

export CACERT=/var/lib/puppet/ssl/certs/ca.pem; ln -s $CACERT /etc/pki/tls/certs/$(openssl x509 -noout -hash -in $CACERT).0