2022-02-11 16:22:20 [ERROR ] [configure] /Stage[main]/Foreman::Register/Foreman_host[foreman-amon.home.chao5.net]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) in get request to: https://amon.home.chao5.net/api/v2/hosts?search=name%3D"amon.home.chao5.net"
2022-02-11 16:22:20 [ERROR ] [configure] Wrapped exception:
2022-02-11 16:22:20 [ERROR ] [configure] SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
The certificates/key are 100% ok. What am I doing wrong?
This should be --foreman-server-ssl-chain. The CA file is which client certificates are allowed for authentication, chain is what signed the certificate. Then I suspect it’ll work.
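Added example, not part of the reply above and not Foreman's own tooling: a shell check with the openssl CLI that reproduces the "unable to get local issuer certificate" failure from the log when a server certificate is verified against a CA bundle that did not sign it, and passes against the CA that did. The CA names, host name and file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway CAs and a server certificate, all names made up.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA certificate NAME.crt with key NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_server_cert CA_NAME: create server.crt signed by the named CA
issue_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=foreman.example.test" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/server.csr" -days 1 -set_serial 1 \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
        -out "$WORK/server.crt" 2>/dev/null
}

# check_chain BUNDLE CERT: exit 0 only if CERT chains to a CA in BUNDLE
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# chain_error BUNDLE CERT: print openssl's reason for a failed verification
chain_error() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep 'depth lookup' || true
}

make_ca signing_ca        # the CA that actually signs the server certificate
make_ca client_auth_ca    # an unrelated CA, e.g. one used only for client certs
issue_server_cert signing_ca

# Verify the same server certificate against each bundle in turn.
for bundle in client_auth_ca signing_ca; do
    if check_chain "$WORK/$bundle.crt" "$WORK/server.crt"; then
        echo "$bundle.crt: server.crt verifies"
    else
        echo "$bundle.crt: $(chain_error "$WORK/$bundle.crt" "$WORK/server.crt")"
    fi
done
```

Running the same `openssl verify -CAfile <bundle> <server cert>` against the real files before starting the installer shows whether the bundle handed to the chain option contains the issuer of the server certificate.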
yep that was the right hint… installation worked.
But something doesn’t work with puppet:
Fehler: ERF50-5345 [Foreman::WrappedException]: Verbindung kann nicht hergestellt werden ([ProxyAPI::ProxyException]: ERF12-7885 [ProxyAPI::ProxyException]: Logs konnten nicht abgerufen werden ([OpenSSL::SSL::SSLError]: SSL_read: tlsv1 alert unknown ca) für Proxy https://amon.home.chao5.net:8443/logs)
I’ve used the parameter --puppet-server-foreman-ssl-ca /etc/ipa/ca.crt for puppet, do I need any other parameters?
That looks like the Foreman → Foreman Proxy communication somehow doesn’t work. Did you also replace the server certs on the Foreman Proxy but not Foreman’s client certificates, or vice versa?
I’ve been wanting to finish a blog post about this, but I’m not sure I will so for now I’ll only share the draft:
As you can see by the dates, it’s been a draft for a long time. Last time I checked it worked with Foreman 2.1. I just updated it to 3.1 but not sure if it actually works since I didn’t copy-paste to see if they work. It also ends abruptly.