the default pxe template in foreman 1.4 creates the boot profiles URL based upon the state of the actual web interface page used to generate it,

eg:

if the user is viewing

https://foreman-host/config_templates then the default pxe parameters are generated in the pxelinux default config as

LABEL test - test/virtual
kernel boot/CentOS-6.5-x86_64-vmlinuz
append initrd=boot/CentOS-6.5-x86_64-initrd.img ks=https://foreman-host/unattended/template/test/virtual ksdevice=bootif network kssendmac

which doesn't work as the kickstart connection will try to be made on https, which requires a valid SSL certificate.

if the user generates the pxe menu with the web url

http://foreman-host/config_templates

then the pxe menu will be generated thus
LABEL test - test/virtual
kernel boot/CentOS-6.5-x86_64-vmlinuz
append initrd=boot/CentOS-6.5-x86_64-initrd.img ks=http://foreman-host/unattended/template/test/virtual ksdevice=bootif network kssendmac

to get the kickstart functioning on http - not https I have to set " :require_ssl: false " in /etc/foreman/settings.yaml

which is a security risk and a bit of a dirty hack.

the functionality should be that kickstart/build process is always done over http, unless https is configured for build operations in the unattended_url parameter.