No SSL cert with CN supplied - request from xxxxxxx

>
> When I exec "puppet agent -t" on the puppet client, the foreman server's
> production log shows "No SSL cert with CN supplied - request from
> xxxxxxx". When I turn "restrict_registered_smart_proxies" off, there
> is nothing wrong in the production log. If I want to
> turn "restrict_registered_smart_proxies" on, what do I need to do with the foreman
> server or smart proxy?

The error indicates that there is no CN from a client SSL certificate in
the request supplied in the SSL_CLIENT_S_DN environment variable
(default, defined by the ssl_client_dn_env setting). This is used to
authenticate the incoming request.

You said on IRC that you're not using our standard installer setup, so
you need to ensure that your web server is configured to do SSL client
certificate verification and to set the environment variable for the
Foreman Passenger application. In Apache that's SSLVerifyClient,
SSLOptions etc.

> Here is what the official Foreman manual describes:
>
> restrict_registered_smart_proxies:
> When set to true, services such as Puppet masters (or Salt, Chef) need to have a smart proxy registered with the appropriate feature (e.g. Puppet) to access fact/report importers and ENC output.

When the request comes in over HTTPS then the above SSL check is made.
Alternatively, you can disable "require_ssl_smart_proxies" to perform a
reverse DNS (hostname) check only.

On 15/12/15 03:37, 辛建国 wrote:


Dominic Cleal
dominic@cleal.org
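
A simplified sketch of the check described in the reply above, added here as an example and not taken from Foreman's source or from the thread. It shows why a request without a client certificate DN produces this error and how the hostname-only fallback differs. The helper names, the sample hostnames and addresses, and the use of mod_ssl's `HTTPS` and `SSL_CLIENT_VERIFY` variables are assumptions of this example.

```ruby
require 'resolv'

# Added illustration only; this is not Foreman's source code.
# Matches the CN in both "/C=US/CN=host" and "CN=host,O=Org" DN layouts.
CN_PATTERN = %r{CN=([^\s/,]+)}i

# Returns the lowercased CN from the client-certificate DN, or nil.
def client_cn(env, dn_var = 'SSL_CLIENT_S_DN')
  match = CN_PATTERN.match(env[dn_var].to_s)
  match && match[1].downcase
end

# Decides whether a request may reach the importers / ENC output.
# registered:  lowercase hostnames of registered smart proxies (assumed input).
# reverse_dns: callable mapping an IP to a hostname (injectable for offline use).
def check_proxy_request(env, registered, require_ssl: true,
                        reverse_dns: ->(ip) { Resolv.getname(ip) })
  if env['HTTPS'] == 'on'
    cn = client_cn(env)
    # The web server did not export a DN: client verification is not configured.
    return [false, 'No SSL cert with CN supplied'] if cn.nil?
    # mod_ssl reports SUCCESS only when the certificate chain validated.
    return [false, "certificate for #{cn} not verified"] unless env['SSL_CLIENT_VERIFY'] == 'SUCCESS'
    host = cn
  else
    return [false, 'SSL is required'] if require_ssl
    host = begin
      reverse_dns.call(env['REMOTE_ADDR']).downcase
    rescue Resolv::ResolvError
      return [false, "no reverse DNS for #{env['REMOTE_ADDR']}"]
    end
  end
  registered.include?(host) ? [true, host] : [false, "#{host} is not a registered smart proxy"]
end

# Constructed sample data (hostnames and addresses are placeholders).
PROXIES = ['puppet.example.com'].freeze
NO_CERT = { 'HTTPS' => 'on', 'REMOTE_ADDR' => '192.0.2.10' }.freeze
WITH_CERT = NO_CERT.merge('SSL_CLIENT_S_DN' => '/C=US/O=Example/CN=puppet.example.com',
                          'SSL_CLIENT_VERIFY' => 'SUCCESS').freeze

if $PROGRAM_NAME == __FILE__
  p check_proxy_request(NO_CERT, PROXIES)
  p check_proxy_request(WITH_CERT, PROXIES)
end
```

The first case corresponds to a web server that accepts HTTPS but does not verify client certificates or export their details to the application.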