Hi,
We are moving from foreman 3.3 on a CentOS 7 host to 3.4 on Rocky8.
While setting up the smart proxy 3.4 on our windows DC we encounter an issue with the generated ssl cert.
According to the 3.4 doc we need to run this command;
puppet cert generate new-smart-proxy-FQDN
But this one doesnt work any longer.
So we used this command instead;
puppetserver ca generate --certname <hostname>
This one works and creates the certificates.
However when starting the proxy on the DC we receive the following error;
2023-01-09T08:47:36 [E] Unable to load SSL certificate. Are the values correct in settings.yml and do permissions allow reading?
2023-01-09T08:47:36 [W] Error details for Unable to load SSL certificate. Are the values correct in settings.yml and do permissions allow reading?: OpenSSL::X509::CertificateError: nested asn1 error
c:/theforeman/smart-proxy-3.4.1/lib/launcher.rb:124:ininitialize' c:/theforeman/smart-proxy-3.4.1/lib/launcher.rb:124:innew’
c:/theforeman/smart-proxy-3.4.1/lib/launcher.rb:124:inload_ssl_certificate' c:/theforeman/smart-proxy-3.4.1/lib/launcher.rb:108:inhttps_app’
c:/theforeman/smart-proxy-3.4.1/lib/launcher.rb:180:inlaunch' smart-proxy:6:in’
2023-01-09T08:47:36 [E] Error during startup, terminating
2023-01-09T08:47:36 [W] Error details for Error during startup, terminating: OpenSSL::X509::CertificateError: nested asn1 error
c:/theforeman/smart-proxy-3.4.1/lib/launcher.rb:124:ininitialize' c:/theforeman/smart-proxy-3.4.1/lib/launcher.rb:124:innew’
c:/theforeman/smart-proxy-3.4.1/lib/launcher.rb:124:inload_ssl_certificate' c:/theforeman/smart-proxy-3.4.1/lib/launcher.rb:108:inhttps_app’
c:/theforeman/smart-proxy-3.4.1/lib/launcher.rb:180:inlaunch' smart-proxy:6:in’
We have tried to start the proxy with the certificates from our 3.3 foreman as well and this seems to work fine.
So the issue seems to be the newly generated certificates.
What have we done wrong ?
btw our puppet version is 7.21