Failed to show puppet environment: SSL_CTX_use_PrivateKey

Hello Everybody,

I do

curl -vs --key /etc/foreman-proxy/foreman_ssl_key.pem \
  --cacert /etc/foreman-proxy/foreman_ssl_ca.pem \
  --cert /etc/foreman-proxy/foreman_ssl_cert.pem \
  https://puppet.example.com:9090/features

It works well

And when I do

curl -vs --key /etc/foreman-proxy/foreman_ssl_key.pem \
  --cacert /etc/foreman-proxy/foreman_ssl_ca.pem \
  --cert /etc/foreman-proxy/foreman_ssl_cert.pem \
  https://puppet.example.com:9090/puppet/environments

I get this error

Failed to list puppet environments: SSL_CTX_use_PrivateKey: key values mismatch

Can anyone help me?

CentOS Linux release 7.2.1511
puppetserver-2.7.2-1
puppet-agent-1.10.0-1
foreman-proxy-1.14.3-1
foreman-proxy-content-3.3.1-1

I have a Foreman smart proxy with Katello, and a smart proxy with puppetca and master.
I have the same result from puppet.example.com or katello.example.com.

From the smart proxy with puppetca and master -> puppet.example.com:

cat /etc/foreman-proxy/settings.d/puppet_proxy_puppet_api.yml

#
# puppet_proxy_pupppet_api module is used for puppet versions 4.0 and higher
#
# puppet_proxy_pupppet_api is configured automatcially based on
# :puppet_version setting in smart-proxy's puppet.yml configuration file.
#
---
# URL of the puppet master itself for API requests.
:puppet_url: https://puppet.example.com:8140
#
# SSL certificates used to access the puppet API
:puppet_ssl_ca: /etc/puppetlabs/puppet/ssl/certs/ca.pem
:puppet_ssl_cert: /etc/puppetlabs/puppet/ssl/certs/puppet.example.com.pem
:puppet_ssl_key: /var/lib/puppet/ssl/private_keys/puppet.example.com.pem

curl -vs --key /etc/puppetlabs/puppet/ssl/private_keys/puppet.example.com.pem \
  --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
  --cert /etc/puppetlabs/puppet/ssl/certs/puppet.example.com.pem \
  https://puppet.example.com:8140/puppet/v3/environments

* About to connect() to puppet.example.com port 8140 (#0)
*   Trying 10.223.23.171...
* Connected to puppet.example.com (10.223.23.171) port 8140 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/puppetlabs/puppet/ssl/certs/ca.pem
  CApath: none
* NSS: client certificate from file
*   subject: CN=puppet.example.com
*   start date: May 02 14:59:10 2017 GMT
*   expire date: May 02 14:59:10 2022 GMT
*   common name: puppet.example.com
*   issuer: CN=Puppet CA: puppet.example.com
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
*   subject: CN=puppet.example.com
*   start date: May 01 14:06:20 2017 GMT
*   expire date: May 01 14:06:20 2022 GMT
*   common name: puppet.example.com
*   issuer: CN=Puppet CA: puppet.example.com
> GET /puppet/v3/environments HTTP/1.1
> User-Agent: curl/7.29.0
> Host: puppet.example.com:8140
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Wed, 03 May 2017 15:00:40 GMT
< Content-Type: application/json
< X-Puppet-Version: 4.10.0
< Content-Length: 721
< Server: Jetty(9.2.z-SNAPSHOT)
<
* Connection #0 to host puppet.example.com left intact
{"search_paths":["file:///etc/puppetlabs/code/environments","data:text/plain,internal"],"environments":{"test":{"settings":{"modulepath":["/etc/puppetlabs/code/environments/test/modules","/etc/puppetlabs/code/environments/common","/etc/puppetlabs/code/modules","/opt/puppetlabs/puppet/modules"],"manifest":"/etc/puppetlabs/code/environments/test/manifests","environment_timeout":0,"config_version":""}},"production":{"settings":{"modulepath":["/etc/puppetlabs/code/environments/production/modules","/etc/puppetlabs/code/environments/common","/etc/puppetlabs/code/modules","/opt/puppetlabs/puppet/modules"],"manifest":"/etc/puppetlabs/code/environments/production/manifests","environment_timeout":0,"config_version":""}}}

It works well
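
"key values mismatch" is the error OpenSSL raises when the private key passed to SSL_CTX_use_PrivateKey does not belong to the certificate loaded alongside it. As an added example that is not part of the original post, the script below compares the public key inside a certificate with the one derived from a private key; the function names and the generated sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: does this private key belong to this certificate?
# OpenSSL raises "key values mismatch" when the answer is no.

# Return 0 if the pair matches, 1 if it does not, 2 if a file is unreadable.
cert_key_match() {
    local cert="$1" key="$2" cert_pub key_pub
    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, in the same PEM form.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null </dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build constructed sample material in a temp dir and print its path:
# a.key and a.crt belong together, b.key is an unrelated key.
make_sample() {
    local dir
    dir=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=puppet.example.com" \
        -keyout "$dir/a.key" -out "$dir/a.crt" >/dev/null 2>&1 || return 2
    openssl genrsa -out "$dir/b.key" 2048 >/dev/null 2>&1 || return 2
    echo "$dir"
}

# Print a one-line verdict for a cert/key pair.
report() {
    local rc=0
    cert_key_match "$1" "$2" || rc=$?
    case $rc in
        0) echo "MATCH      $1 <-> $2" ;;
        1) echo "MISMATCH   $1 <-> $2" ;;
        *) echo "UNREADABLE $1 or $2" ;;
    esac
    return 0
}

if [ "$#" -eq 2 ]; then
    report "$1" "$2"    # e.g. the :puppet_ssl_cert and :puppet_ssl_key paths
else
    sample=$(make_sample) && {
        report "$sample/a.crt" "$sample/a.key"
        report "$sample/a.crt" "$sample/b.key"
        rm -rf "$sample"
    }
fi
```

Run it as the foreman-proxy user with the `:puppet_ssl_cert` and `:puppet_ssl_key` paths from `puppet_proxy_puppet_api.yml`. In the file shown above the key path is under `/var/lib/puppet/ssl`, while the working curl test used the key under `/etc/puppetlabs/puppet/ssl`.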