Problem:
I just installed a new Foreman 3.0 on CentOS 8.4. After logging in to the web UI, when I access “Monitor -> PuppetDB Nodes” I got an error:
Oops, we’re sorry but something went wrong SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error)
Here is the output of the rake:
2021-11-01T10:42:03 [I|app|82325f8f] Started GET "/puppetdb_foreman/nodes" for 10.36.36.25 at 2021-11-01 10:42:03 -0700
2021-11-01T10:42:03 [I|app|82325f8f] Processing by PuppetdbForeman::NodesController#index as HTML
2021-11-01T10:42:03 [W|app|82325f8f] SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error)
2021-11-01T10:42:03 [I|app|82325f8f] Backtrace for 'SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error)' error (RestClient::SSLCertificateNotVerified): SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error)
Expected outcome:
I should be able to get the PuppetDB status info page.
Foreman and Proxy versions:
Foreman and Proxy plugin versions:
Foreman version: 3.0.1
Plugins:
- foreman_discovery 18.0.0
- foreman_puppet 1.0.4
- ovirt_provision_plugin 2.0.3
- puppetdb_foreman 5.0.0
Distribution and version:
CentOS 8.4
Other relevant data:
Here is the jetty.ini:
[root@foreman-004 conf.d]# cat jetty.ini
[jetty]
# IP address or hostname to listen for clear-text HTTP. To avoid resolution
# issues, IP addresses are recommended over hostnames.
# Default is `localhost`.
# host = <host>
# Port to listen on for clear-text HTTP.
port = 8080
# The following are SSL specific settings. They can be configured
# automatically with the tool `puppetdb ssl-setup`, which is normally
# ran during package installation.
# IP address to listen on for HTTPS connections. Hostnames can also be used
# but are not recommended to avoid DNS resolution issues. To listen on all
# interfaces, use `0.0.0.0`.
ssl-host = 0.0.0.0
# The port to listen on for HTTPS connections
ssl-port = 8081
# Private key path
ssl-key = /etc/puppetlabs/puppetdb/ssl/private.pem
# Public certificate path
ssl-cert = /etc/puppetlabs/puppetdb/ssl/public.pem
# Certificate authority path
ssl-ca-cert = /etc/puppetlabs/puppetdb/ssl/ca.pem
# Access logging configuration path. To turn off access logging
# comment out the line with `access-log-config=...`
access-log-config = /etc/puppetlabs/puppetdb/request-logging.xml
cipher-suites = TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DH_DSS_WITH_AES_128_CBC_SHA256,TLS_DH_DSS_WITH_AES_128_GCM_SHA256,TLS_DH_DSS_WITH_AES_256_CBC_SHA256,TLS_DH_DSS_WITH_AES_256_GCM_SHA384,TLS_DH_RSA_WITH_AES_128_CBC_SHA256,TLS_DH_RSA_WITH_AES_128_GCM_SHA256,TLS_DH_RSA_WITH_AES_256_CBC_SHA256,TLS_DH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
client-auth = want
[root@foreman-004 conf.d]#
TCP port 8081 is open:
[root@foreman-004 conf.d]# netstat -ntlp | grep 8081
tcp6 0 0 :::8081 :::* LISTEN 17493/java
Also, there is a 500 error in /var/log/httpd/foreman-ssl_access_ssl.log:
10.36.36.25 - - [01/Nov/2021:10:42:03 -0700] "GET /puppetdb_foreman/nodes HTTP/1.1" 500 3633 "https://foreman-004.van.3vgeomatics.com/puppetdb_foreman/nodes" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36"
I think I must have missed something when I configured PuppetDB, but I couldn’t figure it out. Could someone help, please? Thanks a lot.