I’ve seen many instances of this problem, but have been unable to find a solution that works for me. I had a working Foreman 2.2 / Katello 3.17, that I attempted to move from self-signed certificates for the web interface to our wildcard. I have the web interface working, but communication to the smart proxy is not. This is what I see in the Foreman web interface on the Smart Proxies screen (sanitized):
Any hints on which other logs to look in, which certificates to test, and what else to possibly add to the trusted store would be appreciated.
Failure: ERF50-5345 [Foreman::WrappedException]: Unable to connect ([ProxyAPI::ProxyException]: ERF12-7885 [ProxyAPI::ProxyException]: Unable to fetch logs ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)) for proxy https://foo.ourdomain.com:9090/logs)
Foreman and Proxy versions:
Foreman 2.2 / Katello 3.17
Distribution and version:
Other relevant data:
2020-11-28T15:09:06 [E] <OpenSSL::SSL::SSLError> SSL_accept returned=1 errno=0 state=error: tlsv1 alert unknown ca
/opt/rh/rh-ruby25/root/usr/share/ruby/webrick/server.rb:299:in `accept'
/opt/rh/rh-ruby25/root/usr/share/ruby/webrick/server.rb:299:in `block (2 levels) in start_thread'
/opt/rh/rh-ruby25/root/usr/share/ruby/webrick/utils.rb:263:in `timeout'
/opt/rh/rh-ruby25/root/usr/share/ruby/webrick/server.rb:297:in `block in start_thread'
/opt/theforeman/tfm/root/usr/share/gems/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
puppetserver.log, from one of many attempts to rerun the installer that always fails
2020-11-28T15:04:11.008-05:00 WARN [qtp670381000-41] [c.p.p.ShellUtils] Executed an external process which logged to STDERR: During fact upload occured an exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed
Serving cached ENC: Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=error: certificate verify failed