Ruby implementation and version: Not Sure
Rails version: Not sure
OS: rhel 7
Ruby-aware server used: Webrick
When i'm using the web gui and trying to create new proxy for the first
time after installing foreman on Server1 and foreman-proxy on Server2, I
get the following error:
Unable to communicate with the proxy:ERF12-2530[ProxyAPI::ProxyException]:
Unable to detect features ([OpenSSL::SSL:SSLError]: HOSTNAME "Server2"
doesnot match the server certificate) for proxy
Please check the proxy is configured and running on the host.
This is how i created the crtificates:
I ran this command on Server1(where foreman and puppet are installed):
puppet cert generate Server2.new
and after that I copied those files which were generated from:
I copied it to Server2 and in settings.yml I pointed the ca's to those new
ofcourse I changed the ownerships on those files to foreman-proxy so i can
restart the service foreman-proxy proparley, and i also did some more
instructions which provided in foreman website.
still could not add the Server2 to the proxies list in Server1 web gui.
"Server2.new" isn't the same as "Server2" that you're using in the URL.
Use exactly the same string.
I'd also strongly recommend using lower case characters.
On 10/01/17 14:33, שחף בניטה wrote:
> Unable to communicate with the
> proxy:ERF12-2530[ProxyAPI::ProxyException]: Unable to detect features
> ([OpenSSL::SSL:SSLError]: HOSTNAME "Server2" doesnot match the server
> certificate) for proxy https://Server2:8443/features
> Please check the proxy is configured and running on the host.
> This is how i created the crtificates:
> I ran this command on Server1(where foreman and puppet are installed):
> puppet cert generate Server2.new
I’m resurrecting this old thread since I have the same problem.
- my host names are all lowercase
- my certs files are all lowercase & also chowned to foreman-proxy user (This got me past the first round of problems)
OS: centos 7 (both foreman & foreman-proxy servers)
puppet 5 as per the current install doc
I tried with & without SSL certs on foreman-proxy’s side
HTTP & HTTPS
nc foreman-proxy 8000 is OK connecting
wget http://foreman-proxy:8000/features is OK (get as file with good looking content)
Do you see the very same error? If so, it says what it says, check hostname in the certificate and the hostname you are using. Usually this needs to be FQDN.
By “Usually this needs to be FQDN.” You mean a simple (without domain) hostname won’t work ?
If that’s so, I think this condition should be detected and a warning shown to the unsuspecting user…
What about the no certificates used problem ? Is that supposed to work ?
Replying to myself in case someone stumbles upon this…
Making foreman-proxy hostname FQDN (by making that the first entry for its IP@ in /etc/hosts, no DNS used for this PoC) and re-generating certs with puppet, uploading to foreman-proxy node and restarting service, made it work !
Maybe a warning about that could be added to the docs…
We don’t only have warning, but also a check in our installer. But for remote proxies, we don’t check it, because you can create non-FQDN hostnames that is totally fine. You just need to make sure your certificate has an alias…