I did the install using the puppet installer and it set up the smart proxy.
The smart proxy is running. The smart proxy is configured in the Foreman
web interface but I cannot connect to its URL. When I try to I get the
message "No client SSL certificate supplied". I am connecting using Firefox
on my desktop. My desktop doesn't have a DNS entry so I can't list it as a
trusted host in /etc/foreman-proxy/settings.yml. I put the IP address but
it made no difference. I tried importing the 3 puppet certificates/keys
listed near the top of the /etc/foreman-proxy/settings.yml but it didn't
make any difference.
I run into the same issue, and now I don't know how to get back to the most
dangerous but functional behaviour.
IB
···
On Wednesday, October 15, 2014 1:22:33 AM UTC-4, gau...@indoaustinvestments.com wrote:
>
> I am using Foreman 1.6.1.
>
> I did the install using the puppet installer and it set up the smart
> proxy. The smart proxy is running. The smart proxy is configured in the
> Foreman web interface but I cannot connect to its URL. When I try to I get
> the message "No client SSL certificate supplied". I am connecting using
> Firefox on my desktop. My desktop doesn't have a DNS entry so I can't list
> it as a trusted host in /etc/foreman-proxy/settings.yml. I put the IP
> address but it made no difference. I tried importing the 3 puppet
> certificates/keys listed near the top of the
> /etc/foreman-proxy/settings.yml but it didn't make any difference.
>
> Any ideas on how to get around this problem?
>
> thanks
> Greg
>
Yeah, I didn't make this configurable. We probably could have an option
to disable all client SSL verification, but it's of limited use… it's
probably better to comment out the three ssl_* settings and go back to a
plain HTTP setup if you want it "open".
>
> I am using Foreman 1.6.1.
>
> I did the install using the puppet installer and it set up the smart
> proxy. The smart proxy is running. The smart proxy is configured in
> the Foreman web interface but I cannot connect to its URL. When I
> try to I get the message "No client SSL certificate supplied". I am
> connecting using Firefox on my desktop. My desktop doesn't have a
> DNS entry so I can't list it as a trusted host in
> /etc/foreman-proxy/settings.yml. I put the IP address but it made no
> difference. I tried importing the 3 puppet certificates/keys listed
> near the top of the /etc/foreman-proxy/settings.yml but it didn't
> make any difference.
>
> Any ideas on how to get around this problem?
You might be able to import a client SSL certificate into Firefox by
doing something like:
And then in Firefox do: Edit -> Preferences -> Advanced -> Encryption ->
View Certificates -> Your Certificates -> Import…
But I've not tried it! The proxy isn't really meant for use from a
browser - there are one or two pages (DHCP I think), but these are now
available from the foreman_dhcp_browser plugin instead.
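
Added example (not part of the thread, and not Foreman's or the poster's code): the PKCS#12 export suggested in this reply, run against a throwaway CA and client certificate, followed by a check that the bundle holds a certificate, its matching private key, and a certificate that verifies against the expected CA. The host name, CA name, passphrase and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The CA, host name and passphrase below are constructed
# stand-ins for the Puppet CA and the fqdn.pem files named in the thread.

# Create a throwaway CA plus a client key and certificate signed by it.
make_test_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=desktop.example.test" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null
}

# Same export as in the thread; -passout only makes it non-interactive.
export_bundle() {
    d=$1; pass=$2
    openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.pem" \
        -CAfile "$d/ca.pem" -passout "pass:$pass" -out "$d/client.p12"
}

# Print the client certificate's CN if the bundle holds a certificate and its
# matching private key and the certificate verifies against the given CA.
# Returns 1 (no usable cert/key), 2 (key mismatch) or 3 (wrong CA) otherwise.
bundle_identity() {
    p12=$1; pass=$2; ca=$3
    cert=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys -clcerts \
               2>/dev/null | openssl x509 2>/dev/null) || return 1
    key_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes \
                  2>/dev/null | openssl pkey -pubout 2>/dev/null) || return 1
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey) || return 1
    [ "$key_pub" = "$cert_pub" ] || return 2
    printf '%s\n' "$cert" | openssl verify -CAfile "$ca" >/dev/null 2>&1 ||
        return 3
    printf '%s\n' "$cert" | openssl x509 -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//; s/^CN=//'
}

# Demo on constructed data: prints desktop.example.test
d=$(mktemp -d) && make_test_pki "$d" && export_bundle "$d" constructed-pass &&
    bundle_identity "$d/client.p12" constructed-pass "$d/ca.pem"
```

A PKCS#12 file built from certificates alone, with no private key, fails this check, which is the difference between importing certificates into a browser and importing a client identity.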
···
On 15/10/14 23:24, Ignacio Bravo wrote:
> On Wednesday, October 15, 2014 1:22:33 AM UTC-4, gau...@indoaustinvestments.com wrote:
browser to the smart proxy to do some configuration. If I don't need to do
that then it resolves my problem.
thanks again
Greg
···
On Thursday, 16 October 2014 19:19:39 UTC+11, Dominic Cleal wrote:
>
> On 15/10/14 23:24, Ignacio Bravo wrote:
> > That was a functionality that allowed others to access the
> > foreman-proxy. See http://projects.theforeman.org/issues/7822
> >
> > I run into the same issue, and now I don't know how to get back to the
> > most dangerous but functional behaviour. ;-)
>
> Yeah, I didn't make this configurable. We probably could have an option
> to disable all client SSL verification, but it's of limited use.. it's
> probably better to comment out the three ssl_* settings and go back to a
> plain HTTP setup if you want it "open".
>
> > On Wednesday, October 15, 2014 1:22:33 AM UTC-4, gau...@indoaustinvestments.com wrote:
> >
> > I am using Foreman 1.6.1.
> >
> > I did the install using the puppet installer and it set up the smart
> > proxy. The smart proxy is running. The smart proxy is configured in
> > the Foreman web interface but I cannot connect to its URL. When I
> > try to I get the message "No client SSL certificate supplied". I am
> > connecting using Firefox on my desktop. My desktop doesn't have a
> > DNS entry so I can't list it as a trusted host in
> > /etc/foreman-proxy/settings.yml. I put the IP address but it made no
> > difference. I tried importing the 3 puppet certificates/keys listed
> > near the top of the /etc/foreman-proxy/settings.yml but it didn't
> > make any difference.
> >
> > Any ideas on how to get around this problem?
>
> You *might* be able to import a client SSL certificate into Firefox by
> doing something like:
>
> openssl pkcs12 -export -inkey /var/lib/puppet/ssl/private_keys/fqdn.pem \
>   -in /var/lib/puppet/ssl/certs/fqdn.pem \
>   -CAfile /var/lib/puppet/ssl/certs/ca.pem -out fqdn_browser_cert.p12
>
> And then in Firefox do: Edit -> Preferences -> Advanced -> Encryption ->
> View Certificates -> Your Certificates -> Import...
>
> But I've not tried it! The proxy isn't really meant for use from a
> browser - there are one or two pages (DHCP I think), but these are now
> available from the foreman_dhcp_browser plugin instead.
>
> thanks that is very helpful. I was assuming I needed to connect using a
Ah no, no direct access usually needed. Foreman will make calls to the
smart proxy API to add/remove DHCP reservations, import Puppet classes
and so on, but there's nothing really for interactive use.
···
On 17/10/14 04:46, gaumann@cellossoftware.com wrote:
>
>
> On Thursday, 16 October 2014 19:19:39 UTC+11, Dominic Cleal wrote:
> But I've not tried it! The proxy isn't really meant for use from a
> browser - there are one or two pages (DHCP I think), but these are now
> available from the foreman_dhcp_browser plugin instead.
>
> thanks that is very helpful. I was assuming I needed to connect using a
> browser to the smart proxy to do some configuration. If I don't need to
> do that then it resolves my problem.