Install SSL Certificates for Ansible Automation Controller and Automation Hub
- Munshi Hafizul Haque
- Nov 7, 2021
- 6 min read
Updated: Nov 7, 2021
Let's create our organisation's custom sign certificate and update the SSL certificate on the Ansible Automation and Automation Hub web Interface.
Step 1: To create our root CA key and certificate.
[mhaque@munshi-lab ~ ]$ mkdir ssl_cert
[mhaque@munshi-lab ~ ]$ cd ssl_cert[mhaque@munshi-lab ssl_cert]$ openssl genrsa -des3 -out myCA.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
..................................................+++++
....................................................................+++++
e is 65537 (0x010001)
Enter pass phrase for myCA.key:
Verifying - Enter pass phrase for myCA.key:[mhaque@munshi-lab ssl_cert]$ openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
Enter pass phrase for myCA.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:MY
State or Province Name (full name) []:Selangor
Locality Name (eg, city) [Default City]:Subang
Organization Name (eg, company) [Default Company Ltd]:JazakAllah Info
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:munshi-lab.jazakallah.info
Email Address []:root@jazakallah.info[mhaque@munshi-lab ssl_cert]$ ls -l
total 12
-rw-------. 1 mhaque mhaque 1743 Nov 4 20:55 myCA.key
-rw-rw-r--. 1 mhaque mhaque 1501 Nov 4 20:57 myCA.pemNote: if you have a root CA server already in place in your organization then ignore step 1.
Step 2: To key file and the certificate request for the Ansible Controller.
[mhaque@munshi-lab ssl_cert]$ cat csr_answer.cfg
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = MY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Selangor
localityName = Locality Name (eg, city)
localityName_default = Subang
0.organizationName = Organization Name (eg, company)
0.organizationName_default = JazakAllah Info
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Blog
commonName = ansible4.jazakallah.info
commonName_max = 64
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = ansible4.jazakallah.info
IP.1 = 192.168.121.210
[mhaque@munshi-lab ssl_cert]$ cat ca_csr_answer.cfg
subjectAltName = @alt_names
[alt_names]
DNS.1 = ansible4.jazakallah.info
IP.1 = 192.168.121.210[mhaque@munshi-lab ssl_cert]$ openssl genrsa -out ansible4.key 4096
Generating RSA private key, 4096 bit long modulus (2 primes)
...........................................................................................................................................................................++++
....................++++
e is 65537 (0x010001)[mhaque@munshi-lab ssl_cert]$ openssl req -new -key ansible4.key -out ansible4.csr -config=csr_answer.cfg
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:
State or Province Name (full name) [Selangor]:
Locality Name (eg, city) [Subang]:
Organization Name (eg, company) [JazakAllah Info]:
Organizational Unit Name (eg, section) [Blog]:
ansible4.jazakallah.info []:ansible4.jazakallah.info[mhaque@munshi-lab ssl_cert]$ openssl req -in ansible4.csr -noout -text | grep DNS
DNS:ansible4.jazakallah.info, IP Address:192.168.121.210[mhaque@munshi-lab ssl_cert]$ openssl x509 -req -in ansible4.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out ansible4.crt -days 825 -sha256 -extfile ca_csr_answer.cfg
Signature ok
subject=C = MY, ST = Selangor, L = Subang, O = JazakAllah Info, OU = Blog, CN = ansible4.jazakallah.info
Getting CA Private Key
Enter pass phrase for myCA.key:[mhaque@munshi-lab ssl_cert]$ openssl x509 -in ansible4.crt -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:48:67:a7:57:b8:2f:0c:d0:f8:7a:fb:44:34:bb:80:54:df:3b:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = MY, ST = Selangor, L = Subang, O = JazakAllah Info, OU = IT, CN = munshi-lab.jazakallah.info, emailAddress = root@jazakallah.info
Validity
Not Before: Nov 4 13:13:48 2021 GMT
Not After : Feb 7 13:13:48 2024 GMT
Subject: C = MY, ST = Selangor, L = Subang, O = JazakAllah Info, OU = Blog, CN = ansible4.jazakallah.info
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:d0:61:b1:a2:28:70:bf:a7:10:8a:fd:fb:2f:e9:
6e:d2:5a:e8:b3:64:43:12:9b:4f:5c:38:81:d6:b5:
6d:4f:1c:a9:2c:ab:3f:1e:9a:60:62:ae:7d:41:14:
cb:a1:0a:4a:43:9f:18:6b:2f:f1:e9:8e:be:ea:4c:
fb:9c:7b:74:74:84:f3:de:cd:87:84:c9:9f:64:e4:
c4:40:17:ab:f0:54:97:5f:eb:a6:fd:f5:4d:4b:af:
c5:60:42:0c:1a:f2:16:a2:27:f0:0f:b7:ad:af:78:
22:a2:69:6a:30:07:3a:76:9c:bf:ae:5f:8f:69:98:
8b:4c:ec:b6:d7:80:0f:9d:b0:08:55:eb:07:70:27:
c4:1f:85:42:67:99:98:11:38:32:6a:30:53:d3:87:
6b:68:02:79:fb:c9:af:b8:2d:df:05:e5:2b:da:3a:
45:45:59:e9:2c:e0:73:2d:a1:5c:97:4b:45:82:dc:
5c:bb:e9:5a:86:b2:85:9c:9e:d3:1b:36:72:4a:79:
31:ef:e7:ba:bf:e6:4b:c8:36:8c:11:a0:38:03:d5:
3e:55:a6:5b:f6:04:ae:8e:8c:ad:df:2f:52:77:fc:
88:a6:b6:e5:02:a2:3a:d1:09:e7:57:0f:9a:bc:6e:
7e:86:4d:56:dc:59:ed:de:61:a0:79:be:a3:e0:43:
c4:b7:56:3e:dc:1d:f5:b1:ee:86:f4:41:c3:0f:9b:
2c:3d:2f:c3:b5:47:a2:b1:74:c7:fe:38:ca:39:ee:
23:86:14:ce:95:a7:cf:03:66:71:04:15:ed:a4:96:
38:12:3a:1a:83:f0:4c:5c:c3:e8:46:a5:c8:3b:30:
41:0d:57:41:21:96:51:d1:66:e0:d1:6d:5d:b0:21:
c5:32:5c:52:64:fb:11:1c:91:02:1d:ea:f3:9d:81:
cb:f2:44:82:96:dc:69:03:8c:e0:3d:10:8e:d5:9f:
f3:9b:cf:b2:89:60:a6:04:ea:48:33:18:1e:3e:13:
61:56:db:e0:85:52:ce:6f:2c:de:44:55:f0:bd:51:
54:63:f4:b5:6f:17:b6:42:d6:d7:0e:e6:2b:9e:ac:
e7:c8:c7:e1:6b:5d:e6:36:11:09:2a:0d:71:0d:26:
bd:52:31:2b:e0:01:91:01:02:47:75:f7:77:4f:a3:
f8:cc:72:70:3f:a9:04:ff:78:2b:a8:d7:d0:89:b7:
ee:74:70:3c:3b:c0:53:19:36:43:d8:62:e0:33:e1:
4a:88:24:ec:f0:c7:5b:8e:a2:71:11:eb:2d:00:bf:
48:a2:4d:5e:d3:02:0e:f7:6d:fe:72:2e:4d:b9:e8:
cf:ff:94:f9:ec:39:8c:67:73:a3:ab:25:17:1f:ab:
48:e6:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:ansible4.jazakallah.info, IP Address:192.168.121.210
Signature Algorithm: sha256WithRSAEncryption
8f:8e:19:dd:a2:8e:e2:98:e4:c3:a0:72:d2:58:93:4c:28:5f:
8f:e1:69:87:72:95:83:95:e7:22:a0:9d:31:35:85:b8:f4:36:
87:17:05:59:94:5a:87:49:58:95:b6:63:22:02:40:65:17:23:
60:3e:05:c4:32:1e:d9:45:72:a2:6d:80:9f:24:f5:c0:9c:52:
9c:c4:a3:ce:96:09:98:d6:fc:37:3a:d2:3a:21:8f:cc:63:22:
81:01:52:0e:a5:1b:11:b0:40:99:ba:e0:38:32:73:fb:e2:ed:
5a:f8:13:cc:18:29:a9:1a:5a:08:f2:db:90:3f:8f:4a:4c:18:
4d:06:1f:c0:6e:75:69:05:ed:dc:c0:b3:c1:e7:19:4b:52:f1:
c6:d0:78:5c:e6:89:8d:ef:25:4f:03:14:1a:89:64:69:a3:bf:
0e:39:d9:03:c5:05:75:a0:1d:77:e8:5d:f8:34:fa:c9:87:e2:
8e:27:a0:11:1e:a7:67:20:79:f8:16:06:5c:a1:0c:90:41:9d:
a5:7e:33:4b:4d:46:46:d3:9c:8e:d2:d4:0c:f3:f2:51:cc:17:
0a:a2:b2:88:6d:2d:05:96:d9:50:c2:69:5f:1b:ef:53:d1:cc:
d6:fa:c1:cb:28:59:66:73:dd:ae:f5:6c:cf:5c:a5:2e:6d:da:
34:fd:cf:6a
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgIUdkhnp1e4LwzQ+Hr7RDS7gFTfOwEwDQYJKoZIhvcNAQEL
BQAwgaIxCzAJBgNVBAYTAk1ZMREwDwYDVQQIDAhTZWxhbmdvcjEPMA0GA1UEBwwG
U3ViYW5nMRgwFgYDVQQKDA9KYXpha0FsbGFoIEluZm8xCzAJBgNVBAsMAklUMSMw
IQYDVQQDDBptdW5zaGktbGFiLmphemFrYWxsYWguaW5mbzEjMCEGCSqGSIb3DQEJ
ARYUcm9vdEBqYXpha2FsbGFoLmluZm8wHhcNMjExMTA0MTMxMzQ4WhcNMjQwMjA3
MTMxMzQ4WjB9MQswCQYDVQQGEwJNWTERMA8GA1UECAwIU2VsYW5nb3IxDzANBgNV
BAcMBlN1YmFuZzEYMBYGA1UECgwPSmF6YWtBbGxhaCBJbmZvMQ0wCwYDVQQLDARC
bG9nMSEwHwYDVQQDDBhhbnNpYmxlNC5qYXpha2FsbGFoLmluZm8wggIiMA0GCSqG
SIb3DQEBAQUAA4ICDwAwggIKAoICAQDQYbGiKHC/pxCK/fsv6W7SWuizZEMSm09c
OIHWtW1PHKksqz8emmBirn1BFMuhCkpDnxhrL/Hpjr7qTPuce3R0hPPezYeEyZ9k
5MRAF6vwVJdf66b99U1Lr8VgQgwa8haiJ/APt62veCKiaWowBzp2nL+uX49pmItM
7LbXgA+dsAhV6wdwJ8QfhUJnmZgRODJqMFPTh2toAnn7ya+4Ld8F5SvaOkVFWeks
4HMtoVyXS0WC3Fy76VqGsoWcntMbNnJKeTHv57q/5kvINowRoDgD1T5Vplv2BK6O
jK3fL1J3/IimtuUCojrRCedXD5q8bn6GTVbcWe3eYaB5vqPgQ8S3Vj7cHfWx7ob0
QcMPmyw9L8O1R6KxdMf+OMo57iOGFM6Vp88DZnEEFe2kljgSOhqD8Excw+hGpcg7
MEENV0EhllHRZuDRbV2wIcUyXFJk+xEckQId6vOdgcvyRIKW3GkDjOA9EI7Vn/Ob
z7KJYKYE6kgzGB4+E2FW2+CFUs5vLN5EVfC9UVRj9LVvF7ZC1tcO5iuerOfIx+Fr
XeY2EQkqDXENJr1SMSvgAZEBAkd193dPo/jMcnA/qQT/eCuo19CJt+50cDw7wFMZ
NkPYYuAz4UqIJOzwx1uOonER6y0Av0iiTV7TAg73bf5yLk256M//lPnsOYxnc6Or
JRcfq0jmzQIDAQABoy0wKzApBgNVHREEIjAgghhhbnNpYmxlNC5qYXpha2FsbGFo
LmluZm+HBMCoedIwDQYJKoZIhvcNAQELBQADggEBAI+OGd2ijuKY5MOgctJYk0wo
X4/haYdylYOV5yKgnTE1hbj0NocXBVmUWodJWJW2YyICQGUXI2A+BcQyHtlFcqJt
gJ8k9cCcUpzEo86WCZjW/Dc60johj8xjIoEBUg6lGxGwQJm64Dgyc/vi7Vr4E8wY
KakaWgjy25A/j0pMGE0GH8BudWkF7dzAs8HnGUtS8cbQeFzmiY3vJU8DFBqJZGmj
vw452QPFBXWgHXfoXfg0+smH4o4noBEep2cgefgWBlyhDJBBnaV+M0tNRkbTnI7S
1Azz8lHMFwqisohtLQWW2VDCaV8b71PRzNb6wcsoWWZz3a71bM9cpS5t2jT9z2o=
-----END CERTIFICATE-----Step 3: To key file and the certificate request for the Ansible Automation Hub by following step 2.
Note: make sure the IP Address and the Host Name (FQDN) of the Ansible Automation Hub system in the csr_answer.cfg and ca_csr_answer.cfg file.
Now we have to configure the necessary changes in the Ansible Controller and Automation Hub system.
Ansible Controller System:
Step 1: To copy the root CA certificate file as well as the signed certificate and associate key file in this system.
[root@ansible4 ~ ]# scp mhaque@192.168.121.1:/home/mhaque/ssl_cert/*.* .
mhaque@192.168.121.1's password:
ansible4.crt 100% 1744 9.7MB/s 00:00
ansible4.csr 100% 1809 10.4MB/s 00:00
ansible4.key 100% 3243 13.6MB/s 00:00
myCA.pem 100% 1501 7.0MB/s 00:00 Step 2: To configure a custom SSL certificate instead of the Self-Signed SSL certificate generated by ansible controller.
[root@ansible4 tower]# ls -l
-rw-r-----. 1 root awx 1528 Oct 25 12:32 myCA.pem
-rw-------. 1 root awx 1184 Oct 25 12:35 tower.cert
-rw-------. 1 root awx 1708 Oct 25 12:35 tower.key
[root@ansible4 ~]# cd /etc/tower/
[root@ansible4 tower]# mv tower.cert tower.cert-org
[root@ansible4 tower]# mv tower.key tower.key-org
[root@ansible4 tower]# cp ~/ansible4.key tower.key
[root@ansible4 tower]# cp ~/ansible4.crt tower.cert
[root@ansible4 tower]# chgrp awx tower.*
[root@ansible4 tower]# ls -l
total 28
-rw-r-----. 1 root awx 2472 Oct 25 12:35 candlepin-redhat-ca.crt
drwxr-x---. 2 root awx 162 Oct 25 12:35 conf.d
-rw-r-----. 1 root awx 44 Oct 25 12:30 SECRET_KEY
-rw-r-----. 1 root awx 1528 Oct 25 12:32 settings.py
-rw-r--r--. 1 root awx 1744 Nov 4 21:36 tower.cert
-rw-------. 1 root awx 1184 Oct 25 12:35 tower.cert-org
-rw-------. 1 root awx 3243 Nov 4 21:36 tower.key
-rw-------. 1 root awx 1708 Oct 25 12:35 tower.key-org[root@ansible4 tower]# systemctl restart nginx.service
[root@ansible4 tower]# systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/nginx.service.d
└─override.conf
Active: active (running) since Thu 2021-11-04 21:37:43 +08; 7s ago
Process: 5603 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 5601 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 5598 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 5605 (nginx)
Tasks: 2 (limit: 30150)
Memory: 2.3M
CGroup: /system.slice/nginx.service
├─5605 nginx: master process /usr/sbin/nginx
└─5606 nginx: worker process
Nov 04 21:37:43 ansible4.jazakallah.info systemd[1]: nginx.service: Succeeded.Step3: To verify SSL certificate for the ansible controller from the web browser.
Ansible Automation Hub System:
Step 1: To copy the root CA certificate file as well as the signed certificate and associate key file in this system.
[root@ansible4-ah ~ ]# scp mhaque@192.168.121.1:/home/mhaque/ssl_cert/*.* .
mhaque@192.168.121.1's password:
ansible4-ah.crt 100% 1744 9.7MB/s 00:00
ansible4-ah.csr 100% 1809 10.4MB/s 00:00
ansible4-ah.key 100% 3243 13.6MB/s 00:00
myCA.pem 100% 1501 7.0MB/s 00:00 Step 2: To configure a custom SSL certificate instead of the Self-Signed SSL certificate generated by ansible controller.
[root@ansible4-ah ~]# cd /etc/pulp/certs/
[root@ansible4-ah certs]# ll
total 24
-rw-r--r--. 1 root pulp 1972 Nov 3 18:02 pulp_webserver.crt
-rw-------. 1 root pulp 3243 Nov 3 18:02 pulp_webserver.key
-rw-r--r--. 1 root root 1935 Nov 3 18:02 root.crt
-rw-------. 1 root root 3243 Nov 3 18:02 root.key
-rw-------. 1 pulp pulp 227 Nov 3 18:02 token_private_key.pem
-rw-r--r--. 1 pulp pulp 178 Nov 3 18:02 token_public_key.pem
[root@ansible4-ah certs]# mv pulp_webserver.crt pulp_webserver.crt-org
[root@ansible4-ah certs]# mv pulp_webserver.key pulp_webserver.key-org
[root@ansible4-ah certs]# cp /root/ansible4-ah.key pulp_webserver.key
[root@ansible4-ah certs]# cp /root/ansible4-ah.crt pulp_webserver.crt
[root@ansible4-ah certs]# chgrp pulp pulp_webserver.key
[root@ansible4-ah certs]# chgrp pulp pulp_webserver.crt
[root@ansible4-ah certs]# systemctl restart nginxStep 3: To verify SSL certificate for the Automation Hub from the web browser.
Step 4: To verify SSL certificate for the Automation Hub during the image registry access.
Remove the registries.insecure entry that we previously added on our earlier post (Install Automation Hub).
[root@ansible4-ah certs]# vi /etc/containers/registries.conf
# Registries that do not use TLS when pulling images or uses self-signed
# certificates.
[registries.insecure]
registries = []Now, trying to login to the image registry in the Automation Hub system.
[root@ansible4-ah certs]# podman login ansible4-ah.jazakallah.info -u aap4admin
Password:
Error: authenticating creds for "ansible4-ah.jazakallah.info": error pinging docker registry ansible4-ah.jazakallah.info: Get "https://ansible4-ah.jazakallah.info/v2/": x509: certificate signed by unknown authorityThe certificates verification failed and it's signed by unknown authority as expected. To resolve the above issue, We have update-ca-trust that will add certificates to ca-bundle.
[root@ansible4-ah certs]# cp /root/myCA.pem /etc/pki/ca-trust/source/anchors/
[root@ansible4-ah certs]# update-ca-trust extract
[root@ansible4-ah certs]# openssl x509 -in /etc/pki/tls/certs/ca-bundle.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:3b:57:f6:6f:28:99:dd:f5:f6:77:bf:f5:dd:2c:2d:ee:ef:4b:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = MY, ST = Selangor, L = Subang, O = JazakAllah Info, OU = IT, CN = munshi-lab.jazakallah.info, emailAddress = root@jazakallah.info
Validity
Not Before: Nov 4 12:57:24 2021 GMT
Not After : Nov 3 12:57:24 2026 GMT
Subject: C = MY, ST = Selangor, L = Subang, O = JazakAllah Info, OU = IT, CN = munshi-lab.jazakallah.info, emailAddress = root@jazakallah.info
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:57:c8:19:55:1b:e7:a8:49:ec:96:17:3d:49:
77:1a:22:2f:04:6e:91:c3:1a:78:82:d5:15:b3:9e:
2b:d0:f4:b3:6f:e2:c0:be:47:e9:99:31:22:cc:84:
dc:f1:ca:54:10:94:50:ef:96:74:fa:a7:99:10:c5:
c0:4a:04:a1:64:04:7d:26:bd:fe:ad:4d:af:11:3a:
b6:8b:29:b0:93:33:65:ca:92:2e:90:f9:81:bc:11:
6e:4c:ac:b4:9b:c4:e7:d1:23:e0:5e:e0:2c:64:27:
4c:3b:08:16:ea:4f:ff:c9:2c:a7:9d:d9:99:f3:6f:
bb:f3:7f:56:60:04:fa:e1:9f:f9:f4:1e:82:b9:fe:
52:41:4d:ba:a2:29:81:55:9f:17:67:a5:d4:d6:09:
3a:fd:32:58:b4:51:94:97:96:ca:af:0b:92:f4:d6:
5f:e7:86:48:37:35:f0:50:5d:1e:15:ad:65:d7:64:
ab:70:f0:8a:31:88:75:5a:c8:35:e4:ac:93:48:a6:
22:1f:62:45:ae:10:6f:32:6c:29:8d:13:aa:30:4f:
72:fa:5d:1d:8f:b2:a1:fc:ca:d8:8c:cd:b7:5f:6b:
e9:a0:d0:93:30:a8:4b:bf:db:a9:5e:51:e6:34:af:
e9:72:a4:df:21:57:4a:2f:ee:30:e4:75:9d:0a:88:
c1:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:E9:8B:58:0E:15:C2:D4:F0:CD:15:65:3B:0A:D5:1F:2A:7F:BA:96
X509v3 Authority Key Identifier:
keyid:E6:E9:8B:58:0E:15:C2:D4:F0:CD:15:65:3B:0A:D5:1F:2A:7F:BA:96
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
a3:c3:94:3e:ba:2b:93:29:46:ae:9b:26:46:da:68:75:eb:da:
ae:f8:97:6f:ea:0e:8b:57:2b:39:9c:e2:e0:78:90:d2:22:6a:
63:fe:53:27:f4:9b:47:59:e2:94:ad:2e:ad:3c:3c:64:bc:92:
63:dd:b4:30:43:f0:6d:f5:9f:d9:6a:70:33:cd:3c:52:ef:df:
5d:8a:c2:7e:70:ce:d4:99:6c:cb:de:04:35:90:de:c9:9b:d4:
e3:53:fb:e7:32:14:63:69:3f:93:f3:32:6c:a1:89:7d:b1:9d:
6b:49:36:a2:27:ce:34:3d:ef:11:ff:56:23:5f:b9:a9:b7:34:
57:9a:19:95:69:d0:aa:80:6f:b9:4d:f3:b4:9b:78:23:e5:ba:
c5:ef:45:eb:c7:14:93:08:6b:27:11:ac:eb:40:e2:f2:f5:12:
bd:93:52:ae:e8:e9:e0:60:ad:cf:27:b6:de:dc:aa:d5:8a:3d:
19:00:36:18:a0:5b:a0:50:0e:ed:94:89:a1:27:fa:dc:c0:48:
d7:76:a9:5b:d6:c2:27:c3:05:de:2e:80:a4:d1:84:cd:b6:59:
c9:a3:ba:5b:03:c8:af:b6:10:5d:58:55:ca:41:dc:67:4e:5e:
97:4c:25:9a:4b:d1:61:b8:39:fa:a6:4e:3f:72:fa:ec:58:19:
9c:f6:fa:77Now, trying to login to the image registry in the Automation Hub system again and its Login Successfully.
[root@ansible4-ah certs]# podman login ansible4-ah.jazakallah.info -u aap4admin
Password:
Login Succeeded!Hopefully this post will be helpful for you.
Great article. Thank you for sharing. I currently have a new 2.5-12 environment with controller, hub, gateway, and DB. What needs to be done to correctly set the cert chain for this bigger environment?