OK so found the issue, it is called “FIPS mode”. After I disabled “FIPS mode” scanning works.
[root@sees-almatest cron.d]# fips-mode-setup --check
FIPS mode is enabled.
The current crypto policy (DEFAULT:AD-SUPPORT) neither is the FIPS policy nor is based on the FIPS policy.
Inconsistent state detected.
[root@sees-almatest cron.d]# fips-mode-setup --disable
Setting system policy to DEFAULT
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
FIPS mode will be disabled.
Please reboot the system for the setting to take effect.
[root@sees-almatest cron.d]# reboot
I guess I need to do my homework on FIPS but seems foreman_scap_client and FIPS do not like each other.