Problem to create a Smart proxy

Hello,

I’m facing an issue with the creation of a smart proxy through the Foreman UI.

I’m having this error:

  • Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::Exceptions::OpenTimeout]: Timed out connecting to server) for proxy https://server:8443/v2/features
  • Please check the proxy is configured and running on the host.

It is strange because everything looks fine on the smart proxy server.
The telnet is working from the Master server to the proxy server. The command “curl https://worker05-pic-pr.phys.perf:8443/features” is working.

But curl https://worker05-pic-pr.phys.perf:8443/v2/features is not. The result is “could not read client cert from environment”.

How can I make Foreman check https://worker05-pic-pr.phys.perf:8443/features instead of https://worker05-pic-pr.phys.perf:8443/v2/features?

Thanks in advance for your help :slight_smile:

Kinds

The version 2 side is using client side certificates which are also used during normal operation. Using the old version sadly won’t save you. I would have a look at any proxy in between.

I assume you manually changed the URL to server instead of the domain, otherwise it’s obviously the source of the error :slight_smile:

Hello there.

I’m actually facing a very similar problem, trying to install foreman 2.0 on an Ubuntu 18.04.
I’m on a single node deployment, running foreman and foreman-proxy on the same host, pretty much out of the box, using the foreman-installer.
I use no HTTP proxy and I’m not using Puppet nor Puppet CA, but custom SSL certificates.
When I try to register the smart-proxy, I get the error:

Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate)) for proxy https://my-server-name.domain.com:8443/v2/features and Please check the proxy is configured and running on the host.

Hitting https://my-server-name/domain.com:8443/v2/features on my browser gives me a “could not read client cert from environment” response, but no SSL warning at all. I tried different globally trusted certificates, one of them being a Let’s Encrypt certificate, another my company bought.
I systematically use the same certs for foreman and its proxy, as client and server certs, but I still get the same result.

Do you have any information about such a behaviour?
Thanks for your time and your great product :slight_smile:

Hello.

I solved my problem by concatenating the chain.pem file to the ca.pem file. The reason was that foreman_proxy doesn’t use the “chain” parameter, which makes the trust chain incomplete.

Hope it helps someone.
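
The fix from the last post, reproduced on a constructed three-tier PKI (an added example, not code from the thread or from the Foreman project): a server certificate issued by an intermediate fails verification against the root CA file alone and passes once the intermediate is appended to it. The subject names, the throwaway keys and the `ca-bundle.pem` output name are assumptions made for the demo; `ca.pem` and `chain.pem` mirror the file names in the post.

```shell
#!/bin/sh
# Constructed demo PKI: root CA -> intermediate CA -> server certificate.
# Keys and subject names are throwaway values made up for this example.

make_demo_pki() {   # $1 = empty working directory
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root int server; do   # one key + CSR per tier
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$n.example.test" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Self-signed root, playing the role of ca.pem
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/ca.pem" 2>/dev/null || return 1
  # Intermediate signed by the root, playing the role of chain.pem
  openssl x509 -req -in "$d/int.csr" -CA "$d/ca.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/chain.pem" \
    2>/dev/null || return 1
  # Server certificate signed by the intermediate, not by the root
  openssl x509 -req -in "$d/server.csr" -CA "$d/chain.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/server.pem" 2>/dev/null
}

# Return 0 only if certificate $2 chains to a trust anchor found in file $1.
verify_with() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# The fix from the thread: put the intermediate(s) in the same file as the CA.
build_bundle() { cat "$1/ca.pem" "$1/chain.pem" > "$1/ca-bundle.pem"; }

demo() {
  dir=$(mktemp -d) || return 1
  make_demo_pki "$dir" || { echo "openssl failed to build the demo PKI"; return 1; }
  verify_with "$dir/ca.pem" "$dir/server.pem" && echo "ca.pem alone: OK" \
    || echo "ca.pem alone: FAILED (intermediate missing from trust chain)"
  build_bundle "$dir"
  verify_with "$dir/ca-bundle.pem" "$dir/server.pem" && echo "ca.pem + chain.pem: OK" \
    || echo "ca.pem + chain.pem: FAILED"
  rm -rf "$dir"
}
demo
```

Running `openssl verify -CAfile` against the real CA file and the certificate the proxy presents is a quick way to confirm whether the same gap exists before touching the Foreman configuration.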