I’m having an issue with Foreman/Katello Smart Proxy Installation on CentOS 7 (Katello 3.4).
Upon completing the installer (gets to about 90%) I get:
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[server.example.com]/ensure: change from absent to present failed: Proxy server.example.com cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed) for proxy https://server.example.com:9090/features Please check the proxy is configured and running on the host.
Same returned In the /var/log/foreman-installer/foreman-proxy-content.log
When I go over to /var/log/foreman-proxy/proxy.log I get the following:
ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
Apparently, something is wrong with the Certificates generated from the Master?
The expected behavior, of course, is to have the proxy come up and be installed properly.
The thing is, I’m not using any weird CAs or external certs…this is all coming from the CA generated when Katello was first installed so I don’t even know where to begin to debug things. I understand where things might go south when trying to use my own certs, but this is all Katello’s stuff and with Katello doing the packaging and installing of all the certificates for me, I have no idea where to begin debugging this.
There are a few threads/tickets out there talking about running kattelo-certs-check (which I have not done) but these all seems to indicate being used for custom ssl certs, which we are not using.
Further, there’s information out there about modifying apache configs and issues with Cert locations (SSLCACertificatePath) being built into the apache configs, but that appears to have been corrected in 3.4 as that entry does not appear in any of the apache config files in /etc/httpd/conf.d.
I’d be grateful just for a place to begin debugging this.
I followed the procedure documented at Foreman :: Plugin Manuals