Problem:
I am getting an error by Remove orphans:
“There was an issue with the backend service pulp3: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)There was an issue with the backend service pulp3: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)”
Cert check:
katello-certs-check -c /etc/foreman-proxy/ssl_cert.pem
-k /etc/foreman-proxy/ssl_key.pem
-b /etc/foreman-proxy/ssl_ca.pem
Checking server certificate encoding:
[OK]
Checking expiration of certificate:
[OK]
Checking expiration of CA bundle:
[OK]
Checking if server certificate has CA:TRUE flag
[OK]
Checking for private key passphrase:
[OK]
Checking to see if the private key matches the certificate:
[OK]
Checking CA bundle against the certificate file:
[FAIL]
The /etc/foreman-proxy/ssl_ca.pem does not verify the /etc/foreman-proxy/ssl_cert.pem
C = XX, ST = xx, L = XX, O = XX, OU = XX, CN = XX.lan
error 20 at 0 depth lookup: unable to get local issuer certificate
error /etc/foreman-proxy/ssl_cert.pem: verification failed
Checking CA bundle size: 1
[OK]
Checking Subject Alt Name on certificate
[OK]
Checking if any Subject Alt Name on certificate matches the Subject CN
[OK]
Checking Key Usage extension on certificate for Key Encipherment
[OK]
Checking for use of shortname as CN
[OK]
After changing the CA file the check is OK but Remove orphans gets the same error? If i start the foreman installer after changing CA file he change it back to the old CA?
Expected outcome:
Foreman and Proxy versions:
- foreman-3.6.1-1.el8.noarch
- katello-4.8.1-1.el8.noarch
Foreman and Proxy plugin versions:
Distribution and version:
RHEL 8.6
Other relevant data: