Hello, I’m trying to add a smart proxy to Foreman because I need it to use the remote execution plugin.
The problem is that I followed the installation guide step by step, but when I try to add the proxy, an error appears:
impossible de communiquer avec le proxy : ERF12-2530 [ProxyAPI::ProxyException]: Impossible de détecter les capacités ([OpenSSL::SSL::SSLError]: hostname "192.168.0.131" does not match the server certificate) pour le proxy https://192.168.0.131:8443/features et Merci de vérifier si le proxy est configuré et fonctionnel sur l'hôte.
I generated new certificates with the tutorial in the Foreman manual.
Not as far as I know. Our authentication is built around client certificates with DNS names. In most places we still check the CN field rather than subjectAltName. Even where we have subjectAltName support, I think it only implements DNS: support and not IP:.
And in the Foreman manual, it’s written that the smart proxy “CAN” work in SSL mode, but not “must”.
So how can we disable this SSL mode?
The smart proxy can work in SSL mode, where both sides verify and trust each other. Requests from Foreman will only be accepted if the SSL certificate can be verified. Since proxies abstract a high level of control over your infrastructure, the configuration and security of keys and certificates is important.
In the openssl output you can see the CN is new-smart-proxy-foreman which doesn’t match foreman.otgst.telecom. The error message is actually correct and it’s best to regenerate the certificate used on the proxy.
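The hostname check behind the error quoted in the first post can be reproduced offline with Ruby's OpenSSL bindings. This is an added example, not code from the thread or from Foreman; `proxy.example.test` is a constructed name and the certificates are throwaway self-signed samples.

```ruby
require "openssl"

KEY = OpenSSL::PKey::RSA.new(2048) # throwaway key shared by all sample certs

# Build a self-signed sample certificate with the given CN and, optionally,
# a subjectAltName value such as "DNS:proxy.example.test".
def make_cert(cn, san = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", cn]])
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  if san
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = ef.issuer_certificate = cert
    cert.add_extension(ef.create_extension("subjectAltName", san, false))
  end
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
  cert
end

# The identity check Ruby's SSL client applies to the server certificate.
def matches?(cert, name)
  OpenSSL::SSL.verify_certificate_identity(cert, name)
end

def demo
  cn_only  = make_cert("proxy.example.test")
  short_cn = make_cert("new-smart-proxy-foreman")
  with_san = make_cert("new-smart-proxy-foreman", "DNS:proxy.example.test")
  {
    # Proxy URL uses an IP, certificate only carries a DNS name in the CN.
    ip_url_vs_cn:    matches?(cn_only, "192.168.0.131"),
    # Proxy URL uses the same FQDN as the CN.
    fqdn_url_vs_cn:  matches?(cn_only, "proxy.example.test"),
    # The CN mismatch described in the last reply.
    short_cn_vs_fqdn: matches?(short_cn, "foreman.otgst.telecom"),
    # A DNS subjectAltName is what gets compared once it is present...
    fqdn_url_vs_san: matches?(with_san, "proxy.example.test"),
    # ...and the CN is then no longer consulted.
    cn_ignored_with_san: matches?(with_san, "new-smart-proxy-foreman")
  }
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Only the cases where the name in the proxy URL equals a DNS name in the certificate return `true`, which is why registering the proxy by its FQDN with a certificate issued for that FQDN clears the error.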