Bug #36755

open

foreman-proxy does not send full certificate chain

Added by Joniel Pasqualetto 8 months ago. Updated 8 months ago.

Status: Ready For Testing
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty:
Triaged: No
Fixed in Releases:
Found in Releases:

Description

Description of problem:

When establishing an SSL connection against foreman-proxy configured with custom certs which use a bundle with root + intermediate certificates, the full certificate chain is not presented to the client.

This requires that the client establishing the connection trust all the intermediate CAs of the bundle for it to work. If the full certificate chain is present, the client only needs to trust the ROOT CA for the connection to be verified.

This is important for customers using custom certs and doing registration through capsules, since a registration command goes to port 9090.

Apache, for example, does offer the full certificate chain.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Configure your Satellite/Capsule to use custom certs and provide a bundle with more than one certificate
2. Try establishing a connection to the foreman-proxy and check the certificates sent by the server:

~~
echo |openssl s_client -connect $(hostname -f):9090 -showcerts 2> /dev/null |awk -v cmd='openssl x509 -noout -subject ' ' /BEGIN/{close(cmd)};{print | cmd}' 2> /dev/null
~~

You will see only the Server certificate

Actual results:

Only server certificate (no CA chain)

Expected results:
Full certificate chain present
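
The trust difference described in this report, as an added example that is not part of the original report or of foreman-proxy's code: it uses Ruby's standard `openssl` library to build a constructed root, intermediate and server certificate, then shows what a client concludes depending on which CAs it trusts and which certificates the server presents. All subject names and the helper names `issue`, `build_constructed_chain` and `client_verdict` are assumptions made for this illustration.

```ruby
require "openssl"

# Issue a short-lived certificate. Self-signed unless an issuer is given.
# Every subject name used below is constructed for this example.
def issue(subject, key, serial, ca:, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Build root -> intermediate -> server, mirroring a custom-cert bundle.
def build_constructed_chain
  rk, ik, sk = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = issue("/CN=Constructed Root CA", rk, 1, ca: true)
  inter = issue("/CN=Constructed Intermediate CA", ik, 2, ca: true, issuer: root, issuer_key: rk)
  server = issue("/CN=capsule.example.test", sk, 3, ca: false, issuer: inter, issuer_key: ik)
  [root, inter, server]
end

# Verdict of a client whose trust store holds `trusted`, given what the server
# sent: presented[0] is the server certificate, the rest are chain certificates.
def client_verdict(trusted, presented)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ok = store.verify(presented.first, presented.drop(1))
  [ok, store.error_string]
end

root, inter, server = build_constructed_chain
# Behaviour reported here: only the server certificate is sent.
puts "trust root, server cert only:        %s (%s)" % client_verdict([root], [server])
# Workaround the report describes: the client also trusts the intermediate.
puts "trust root+intermediate, cert only:  %s (%s)" % client_verdict([root, inter], [server])
# Expected behaviour: the server sends the chain, the client trusts only the root.
puts "trust root, server + intermediate:   %s (%s)" % client_verdict([root], [server, inter])
```
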

Actions #1

Updated by The Foreman Bot 8 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/smart-proxy/pull/874 added