Bug #6205
closed
Custom SSL client cert for smart proxy based auth doesn't split CN correctly
Added by Anonymous over 10 years ago.
Updated over 6 years ago.
Category: Users, Roles and Permissions
- Category set to Users, Roles and Permissions
- Bugzilla link set to https://bugzilla.redhat.com/show_bug.cgi?id=1108740
- Subject changed from Need to set restrict_registered_puppetmasters=false in foreman settings under auth in order for puppet runs to succeed on EL7 to Custom SSL client cert for smart proxy based auth doesn't split CN correctly
I'm trying to get Foreman installed at a client site and have been running into the above bug, but for different reasons. If you generate the PKI certs on windows, it will use "/" as the separation character. In addition the default regex will not pull only the CN entry, but anything after the CN as well. This was causing strange errors like the following:
/var/log/foreman/production.log:No smart proxy server found on ["foreman.linux.lab.local/emailAddress=user@example.com"] and is not in trusted_puppetmaster_hosts
The DN for the cert in question which was signed by a Windows CA is:
"/C=US/ST=NC/L=City/O=Example/OU=IT/CN=foreman.linux.lab.local/emailAddress=user@example.com"
If https://github.com/theforeman/foreman/blob/develop/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb#L41 is changed to the string below, the parse works for SSL certs which use "/" and "," as the separator.
dn =~ /CN=([^\s\/,]+)/i
- Assignee set to Ori Rabin
Andrew, it looks like your solution is a good fix. Would you like to send the pull request?
Ori,
I'll see what I can do to put a pull together for it. Are there any appropriate pages I should read first?
Ohad, Ori
I've almost got a pull request done, but I'm wondering if we might be going about this all wrong. I know with the openssl command line utilities it will often display the CN entry with "," and "/" characters as separators using its default mode. There is an option to display the CN using only "," characters; I think the option is an RFC related one, it's been a few weeks and I don't exactly recall. Perhaps it would be best to first extract the CN using the appropriate format, then parse on that.
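The following is an added example, not code from Foreman or from anyone in this issue. It runs the DN quoted in the report through three extraction strategies discussed above: a stand-in for the original regex (ORIGINAL_CN_RE is an assumption, since the issue does not quote the line at smart_proxy_auth.rb#L41; it is written to reproduce the over-capture seen in the production.log line), the regex proposed in the report, and the structured approach suggested in the later comment, where OpenSSL parses the DN into attributes first and the CN attribute value is taken from the parsed name. COMMA_DN is a constructed comma-separated rendering of the same subject.

```ruby
require 'openssl'

# Added example, not Foreman's code. Compares CN extraction strategies on the
# DN quoted in the bug report.

# Constructed sample DNs: the Windows-CA style ("/" separators, as quoted in
# the report) and the same subject in comma-separated form.
SLASH_DN = "/C=US/ST=NC/L=City/O=Example/OU=IT/CN=foreman.linux.lab.local/emailAddress=user@example.com"
COMMA_DN = "C=US, ST=NC, L=City, O=Example, OU=IT, CN=foreman.linux.lab.local, emailAddress=user@example.com"

# Assumed stand-in for the original regex (not quoted in the issue): it stops
# only at whitespace or a comma, so on a "/"-separated DN it swallows
# everything after the CN, which is exactly what the production.log line shows.
ORIGINAL_CN_RE = /CN=([^\s,]+)/i

# The regex proposed in the report: also stops at "/".
PROPOSED_CN_RE = /CN=([^\s\/,]+)/i

# Extract the CN with a regex; returns nil when there is no CN attribute.
def cn_by_regex(dn, re)
  m = re.match(dn)
  m && m[1]
end

# Structured alternative (the later comment's suggestion): let OpenSSL parse
# the DN into attributes and take the CN attribute's value. The separator used
# in the string form no longer matters, and a CN that legitimately contains a
# "," or "/" is returned whole instead of being truncated by the regex.
def cn_by_parse(dn)
  name = OpenSSL::X509::Name.parse(dn)
  cn = name.to_a.find { |oid, _value, _type| oid == 'CN' }
  cn && cn[1]
end

# Render a parsed name in RFC 2253 form (comma separated, most specific
# attribute first), the format `openssl x509 -nameopt RFC2253` prints.
def rfc2253(dn)
  OpenSSL::X509::Name.parse(dn).to_s(OpenSSL::X509::Name::RFC2253)
end

if __FILE__ == $0
  [SLASH_DN, COMMA_DN].each do |dn|
    puts "DN:       #{dn}"
    puts "original: #{cn_by_regex(dn, ORIGINAL_CN_RE).inspect}"
    puts "proposed: #{cn_by_regex(dn, PROPOSED_CN_RE).inspect}"
    puts "parsed:   #{cn_by_parse(dn).inspect}"
    puts "rfc2253:  #{rfc2253(dn)}"
    puts
  end
end
```

On the "/"-separated DN the stand-in regex returns "foreman.linux.lab.local/emailAddress=user@example.com", the value that appeared in the "No smart proxy server found" error, while the proposed regex and the parsed form both return "foreman.linux.lab.local". Whichever form Foreman uses, the extracted value is only compared against the known smart proxies and trusted_puppetmaster_hosts, so an over-captured or truncated CN fails the lookup rather than matching a different host.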
- Status changed from New to Ready For Testing
- Target version set to 1.7.5
- Pull request https://github.com/theforeman/foreman/pull/1678 added
- Pull request deleted
Pull request #1678 created.
- Release set to 10
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100