ERROR -- : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate

akashsarpate · October 5, 2018, 1:23pm

I am trying to run foreman install with chef plugin getting below error:

foreman-installer 
--enable-foreman-plugin-chef 
--enable-foreman-plugin-tasks 
--enable-foreman-proxy-plugin-chef 
--foreman-proxy-plugin-chef-server-url="https://101.1.2.3/organizations/short_name" 
--foreman-proxy-plugin-chef-client-name="client_name" 
--foreman-proxy-plugin-chef-private-key="/etc/client.pem" 
--no-enable-puppet 
--foreman-server-ssl-crl=""

Error:-
E, [2018-10-05T07:48:04.878022 ] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A
/usr/share/ruby/openssl/ssl.rb:280:in  `accept' E, [2018-10-05T07:48:05.069863 ] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A /usr/share/ruby/openssl/ssl.rb:280:in` accept'
E, [2018-10-05T07:48:09.061190 ] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=error: certificate verify failed
/usr/share/ruby/openssl/ssl.rb:280:in  `accept' E, [2018-10-05T07:48:09.642194 ] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=error: certificate verify failed /usr/share/ruby/openssl/ssl.rb:280:in` accept'
E, [2018-10-05T07:48:10.499204 ] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A
/usr/share/ruby/openssl/ssl.rb:280:in  `accept' E, [2018-10-05T07:48:10.690788 ] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A /usr/share/ruby/openssl/ssl.rb:280:in` accept'
E, [2018-10-05T07:48:11.081246 ] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=error: certificate verify failed
/usr/share/ruby/openssl/ssl.rb:280:in  `accept' E, [2018-10-05T07:48:17.866047 ] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A /usr/share/ruby/openssl/ssl.rb:280:in` accept'
E, [2018-10-05T07:48:18.057435 ] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A
/usr/share/ruby/openssl/ssl.rb:280:in  `accept' E, [2018-10-05T07:48:44.800239 ] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=error: certificate verify failed /usr/share/ruby/openssl/ssl.rb:280:in` accept'

This is on Oracle Linus 7.4

Can you please help?

paulcalabro · October 6, 2018, 9:01pm

Where are you seeing that error message?

It looks like the server is trying to verify the client’s certificate. What file are you pointing to on the server for that? Does the file exist? Does it contain your client certificate?

Marek_Hulan · October 8, 2018, 6:19am

Hi, most likely your chef server certificate is self-signed and you didn’t
install it on host, on which you install Foreman.

Hope this helps

Marek

akashsarpate · October 8, 2018, 6:38am

Can you please give me more detail on - you didn’t
install it on host, on which you install Foreman.

akashsarpate · October 8, 2018, 6:41am

Yes i have client.pem file present on foreman host.

Marek_Hulan · October 8, 2018, 7:58am

Try curl https://101.1.2.3/organizations/short_name

does that show something or SSL error and you need to use --insecure? If you need unsecure, install certificate that chef-server use to your system certificate storage in /etc/pki. That differs based on your OS.