AAP WebGUI Certificates

If you have a certificate problem with your AAP webGUI.

Add a certificate

1/ DL on your AAP server the certificates (probably a files named like the following: AAP-Server.your.company.org.key.pem and AAP-Server.your.company.org.cert.pem)

2/ In your /etc/tower folder you should have some old certificates, rename them and put your news certificates with the same name:

# cp /etc/tower/tower.cert /etc/tower/tower.cert-$(date +%F)
# cp /etc/tower/tower.key /etc/tower/tower.key-$(date +%F)

# rm /etc/tower/tower.cert
# rm /etc/tower/tower.key

# cp AAP-Server.your.company.org.key.pem /etc/tower/
# cp AAP-Server.your.company.org.cert.pem /etc/tower/

# mv /etc/tower/AAP-Server.your.company.org.key.pem /etc/tower/tower.key
# mv /etc/tower/AAP-Server.your.company.org.cert.pem /etc/tower/tower.cert

3/ Restore SELinux context and set permissions

# restorecon -v /etc/tower/tower.cert
# restorecon -v /etc/tower/tower.key

# chown root:awx /etc/tower/tower.cert
# chown root:awx /etc/tower/tower.key

# chmod 0600 /etc/tower/tower.cert 
# chmod 0600 /etc/tower/tower.key

4/ Test your NGNIX configuration and if ok/sucessful reload it:

# nginx -t
# systemctl reload nginx.service

5/ Test your handshake:

# true | openssl s_client -showcerts -connect ${CONTROLLER_FQDN}:443
[...]
SSL handshake has read 2207 bytes and written 406 bytes
Verification: OK
[...]

6/ Return to your browser, certificates should be OK.

Documentation

https://access.redhat.com/solutions/3109871