Hey,
Ruby implementation and version: Not Sure
Rails version: Not sure
OS: rhel 7
DB: postgres
Ruby-aware server used: Webrick
When I'm using the web GUI and trying to create a new proxy for the first
time after installing foreman on Server1 and foreman-proxy on Server2, I
get the following error:
Unable to communicate with the proxy:ERF12-2530[ProxyAPI::ProxyException]:
Unable to detect features ([OpenSSL::SSL:SSLError]: HOSTNAME "Server2"
doesnot match the server certificate) for proxy https://Server2:8443/features
Please check the proxy is configured and running on the host.
This is how I created the certificates:
I ran this command on Server1 (where foreman and puppet are installed):
puppet cert generate Server2.new
and after that I copied those files which were generated from:
private_keys/Server2.new
certs/Server2.new
and certs/ca.pem
I copied them to Server2 and in settings.yml I pointed the ca's to those new
files.
Of course I changed the ownership of those files to foreman-proxy so I can
restart the foreman-proxy service properly, and I also followed some more
instructions which are provided on the Foreman website.
I still could not add Server2 to the proxies list in the Server1 web GUI.
"Server2.new" isn't the same as "Server2" that you're using in the URL.
Use exactly the same string.
I'd also strongly recommend using lower case characters.
On 10/01/17 14:33, שחף בניטה wrote:
> Unable to communicate with the
> proxy:ERF12-2530[ProxyAPI::ProxyException]: Unable to detect features
> ([OpenSSL::SSL:SSLError]: HOSTNAME "Server2" doesnot match the server
> certificate) for proxy https://Server2:8443/features
> Please check the proxy is configured and running on the host.
>
> This is how I created the certificates:
> I ran this command on Server1 (where foreman and puppet are installed):
> puppet cert generate Server2.new
Do you see the very same error? If so, it says what it says: check the hostname in the certificate and the hostname you are using. Usually this needs to be FQDN.
By “Usually this needs to be FQDN.” you mean a simple (without domain) hostname won’t work?
If that’s so, I think this condition should be detected and a warning shown to the unsuspecting user…
What about the no certificates used problem? Is that supposed to work?
Replying to myself in case someone stumbles upon this…
Making the foreman-proxy hostname an FQDN (by making that the first entry for its IP@ in /etc/hosts, no DNS used for this PoC), re-generating the certs with puppet, uploading them to the foreman-proxy node and restarting the service made it work!
Maybe a warning about that could be added to the docs…
We don’t only have a warning, but also a check in our installer. But for remote proxies we don’t check it, because you can create non-FQDN hostnames; that is totally fine. You just need to make sure your certificate has an alias…
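
Added example, not part of any post in this thread and not Foreman's own code: it runs Ruby's OpenSSL hostname check against a constructed self-signed certificate to show why a certificate issued for "Server2.new" is rejected for the URL https://Server2:8443/features, and how an alias (subjectAltName) makes a short name acceptable. The helper names and the name server2.example.test are assumptions made for the illustration.

```ruby
require "openssl"
require "uri"

# Constructed, self-signed certificate for illustration only (not a Puppet CA cert).
def build_cert(common_name, san_dns = [])
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.new([["CN", common_name]])
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless san_dns.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    san = san_dns.map { |n| "DNS:#{n}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san, false))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Names a client will compare against: SAN DNS entries if present, else the CN.
def cert_names(cert)
  san = cert.extensions.find { |e| e.oid == "subjectAltName" }
  return san.value.split(/,\s*/).map { |s| s.sub(/\ADNS:/, "") } if san
  cert.subject.to_a.select { |oid, _| oid == "CN" }.map { |_, value| value }
end

# True when the host part of the proxy URL is covered by the certificate.
def url_matches_cert?(cert, url)
  OpenSSL::SSL.verify_certificate_identity(cert, URI(url).host)
end

CN_ONLY    = build_cert("Server2.new")
WITH_ALIAS = build_cert("server2.example.test", ["server2.example.test", "server2"])

if __FILE__ == $PROGRAM_NAME
  { "https://Server2:8443/features"     => CN_ONLY,
    "https://Server2.new:8443/features" => CN_ONLY,
    "https://server2:8443/features"     => WITH_ALIAS }.each do |url, cert|
    puts "#{url} vs #{cert_names(cert).inspect}: #{url_matches_cert?(cert, url)}"
  end
end
```

To run the same check on the certificate actually deployed on the proxy, load it with `OpenSSL::X509::Certificate.new(File.read(path))` and pass it to `url_matches_cert?` together with the URL entered in the web GUI.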