In /var/log/foreman-proxy/proxy.log I couldn’t find any error. Then in the Foreman UI I saw an error: SSL certificate with unexpected serial supplied. The internet suggested this specific string is only defined in SmartProxyDynflowCore, namely here:
This is probably fallout from the merge to SmartProxyDynflowCore into the SmartProxy process. It passes on the regular pipelines so it must be something with the other certificates used in Katello.
Looking at the particular code, it does look odd that the serial is compared. I’d expect it to verify the CN, DN or SAN.