theforeman · aneta-petrova · Oct 24, 2025 · Oct 29, 2025 · Oct 30, 2025 · Oct 30, 2025
diff --git a/guides/common/assembly_using-the-mcp-server-for-project.adoc b/guides/common/assembly_using-the-mcp-server-for-project.adoc
@@ -4,4 +4,6 @@ include::modules/con_using-the-mcp-server-for-project.adoc[]
 
 include::modules/con_overview-of-project-mcp-integration.adoc[leveloffset=+1]
 
+include::modules/proc_obtaining-the-location-of-the-ca-bundle-for-project.adoc[leveloffset=+1]
+
 include::assembly_generating-reports-by-using-the-mcp-server-for-project.adoc[leveloffset=+1]
diff --git a/guides/common/modules/proc_configuring-the-mcp-server-for-project.adoc b/guides/common/modules/proc_configuring-the-mcp-server-for-project.adoc
@@ -12,7 +12,8 @@ Perform these steps on the same system where your MCP client will run.
 ifdef::satellite[]
 * You are logged in to the registry.redhat.io container registry.
 endif::[]
-* The CA bundle for your {Project} is available on the system.
+* The certificate authority (CA) bundle for your {Project} is available on your system and you know its location.
+For more information, see xref:obtaining-the-location-of-the-ca-bundle-for-{project-context}[].
 
 .Procedure
 . Optional: Pull the latest version of the MCP container image from the registry:
@@ -26,7 +27,7 @@ $ podman pull {mcp-server-image}
 [options="nowrap", subs="+quotes,attributes"]
 ----
 $ podman run --interactive --tty --publish 127.0.0.1:8080:8080 \
-  --volume _/Path/To/My/CA_Bundle.pem_:/app/ca.pem:ro,Z \
+  --volume _Path_to_My_CA_Bundle_:/app/ca.pem:ro,Z \
   {mcp-server-image} \
   --foreman-url https://_{foreman-example-com}_
 ----
@@ -37,6 +38,7 @@ The options used in the command include the following:
 `--volume`:: Mounts your CA certificate bundle from the host machine to the default location (`ca.pem`) inside the container.
 * `ro` makes the read-only mode inside the container
 * `Z` relabels the file with a private, unshared label
+`--_Path_to_My_CA_Bundle_`:: Specifies the location of the {Project} CA bundle on the system.
 
 .Additional resources
 ifdef::satellite[]

diff --git a/...es/common/modules/proc_obtaining-the-location-of-the-ca-bundle-for-project.adoc b/...es/common/modules/proc_obtaining-the-location-of-the-ca-bundle-for-project.adoc
@@ -0,0 +1,27 @@
+[id="obtaining-the-location-of-the-ca-bundle-for-{project-context}"]
+= Obtaining the location of the CA bundle for {Project}
+
+[role="_abstract"]
+To deploy the MCP server for {Project}, the CA bundle for {Project} must be available on the system where the MCP server is being deployed.
+The CA bundle is the certificate of a CA which signed the certificate that is used to secure {ProjectWebUI}.
+
+Perform these steps on your {ProjectServer} or ask your administrator to perform them for you.
+
+.Procedure
+. Locate the CA bundle.
+For example, if you are using the default self-signed {Project} certificate, obtain the CA bundle location by inspecting the *SSLCACertificateFile* value in the `/etc/httpd/conf.d/05-foreman-ssl.conf` file:
++
+[options="nowrap", subs="+quotes,attributes"]
+----
+# cat /etc/httpd/conf.d/05-foreman-ssl.conf | awk -F '"' '/SSLCACertificateFile/ { print $2 }'
+----
++
+The default location is
+ifdef::katello,orcharhino,satellite[]
+`/etc/pki/katello/certs/katello-default-ca.crt`
+endif::[]
+ifdef::foreman-deb,foreman-el[]
+`/etc/puppetlabs/puppet/ssl/certs/ca.pem`
+endif::[]
+.
+. If you are deploying the MCP server on a system other than your {ProjectServer}, transfer the CA bundle to that system.
Original file line number	Diff line number	Diff line change
Expand Up		@@ -4,4 +4,6 @@ include::modules/con_using-the-mcp-server-for-project.adoc[]

		include::modules/con_overview-of-project-mcp-integration.adoc[leveloffset=+1]

		include::modules/proc_obtaining-the-location-of-the-ca-bundle-for-project.adoc[leveloffset=+1]

		include::assembly_generating-reports-by-using-the-mcp-server-for-project.adoc[leveloffset=+1]