Using the node.rb --push-facts script causes the following error.
During fact upload occured an exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=error: certificate verify failed
The foreman proxies all function correctly (puppet as there are multiple puppet servers).
The following configuration is on the mirror puppet server. The foreman-proxy works. push-facts does NOT.
:ssl_ca_file: /opt/foreman_certs/foreman_ca.pem :ssl_certificate: /etc/puppetlabs/puppet/ssl/certs/puppet-server-mirror.pem :ssl_private_key: /etc/puppetlabs/puppet/ssl/private_keys/puppet-server-mirror.pem :foreman_ssl_ca: /opt/foreman_certs/foreman_ca.pem :foreman_ssl_cert: /etc/puppetlabs/puppet/ssl/certs/puppet-server-mirror.pem :foreman_ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/puppet-server-mirror.pem
:ssl_ca: "/opt/foreman_certs/foreman_ca.pem" :ssl_cert: "/etc/puppetlabs/puppet/ssl/certs/puppet-server-mirror.pem" :ssl_key: "/etc/puppetlabs/puppet/ssl/private_keys/puppet-server-mirror.pem"
The foreman server is controlled by the foreman puppet module. So all of the settings listed in the ssl document in apache are there. Here are the settings for reference:
SSLEngine on SSLCertificateFile "/etc/ssl/certs/WEB.pem" SSLCertificateKeyFile "/etc/ssl/private/WEB.key" SSLCertificateChainFile "/etc/ssl/certs/WEB_chain.crt" SSLVerifyClient optional SSLCACertificateFile "/opt/foreman_certs/foreman_ca.pem" SSLVerifyDepth 3 SSLOptions +StdEnvVars +ExportCertData
The ruby networking library should be able to connect to the foreman server without certificates failing.
Foreman and Proxy versions:
Foreman and Proxy plugin versions:
Thank you for your help!