Problem:
I have deployed signed certificates into a Foreman/Katello Master which appears to work OK.
The browser connection shows a valid certificate.
Trying to add a smart proxy after generating the certs using foreman-proxy-certs.
foreman-proxy-certs-generate --foreman-proxy-fqdn "PROXY_HOST" \
--certs-tar "~/PROXY_HOST.tar" \
--server-cert "/etc/pki/tls/MASTER_HOSTr.cer" \
--server-key "/etc/pki/tls/private/MASTER_HOST.key" \
--server-ca-cert "/etc/pki/tls/certs/CA_cert_bundle.cer"
The proxy install fails with the following errors:
2022-07-27 12:19:07 [ERROR ] [configure] Error making POST request to Foreman at https://MASTER_HOST/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error)) for proxy https://PROXY_HOST:9090/v2/features Please check the proxy is configured and running on the host.
2022-07-27 12:19:07 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[PROXY_HOST]/ensure: change from ‘absent’ to ‘present’ failed: Error making POST request to Foreman at https://MASTER_HOST/api/v2/smart_proxies: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error)) for proxy https://PROXY_HOST:9090/v2/features Please check the proxy is configured and running on the host.
2022-07-27 12:19:09 [NOTICE] [configure] System configuration has finished.
katello-check-certs passes all tests against the cert, key and CA-bundle used.
The certs include an intermediary and root CA which are both contained in the CA_cert_bundle.cer, the host certificate includes the whole chain.
Checking the cert using openssl on the proxy does not appear to contain any errors.
openssl s_client -connect $(hostname -f):8443 | openssl x509 -text
Similarly on the master looks OK.
openssl s_client -connect MASTER_HOST:9090 | openssl x509 -text
Any ideas as to how to troubleshoot this?
Foreman and Proxy versions:
foreman-3.1.3-1
Foreman and Proxy plugin versions:
katello-4.3.1-1
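
Added example (not part of the original post and not Foreman's own tooling): shell functions that check the two things a verifying TLS client checks, namely that a certificate chains to the CA bundle and that it names the host it is served from, run here against a constructed throwaway PKI. The function names, file names and `*.example.test` hosts are assumptions; `fetch_served_cert` needs network access to the host being checked and is not exercised by the demo.

```shell
# Added example: constructed names throughout, not the poster's real hosts or files.
# Exit 0 if cert $1 chains to the CAs in bundle $2 (intermediate + root).
chain_ok() { openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'; }

# Exit 0 if cert $1 names host $2 in its subjectAltName (or CN fallback).
host_ok() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# Print OK, BAD_CHAIN or BAD_HOST for cert $1, bundle $2, expected host $3.
check_cert() {
  chain_ok "$1" "$2" || { echo BAD_CHAIN; return; }
  host_ok "$1" "$3" || { echo BAD_HOST; return; }
  echo OK
}

# Save the leaf certificate served at host $1, port $2 into file $3.
fetch_served_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -out "$3"
}

# Build a constructed demo PKI in dir $1: root -> intermediate -> leaf for host $2.
make_demo_pki() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' >"$d/ca.ext"
  printf 'subjectAltName=DNS:%s\n' "$2" >"$d/leaf.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
  cat "$d/int.pem" "$d/root.pem" >"$d/bundle.pem"
}

# Demo: a certificate issued for one host, checked against two host names.
tmp=$(mktemp -d)
make_demo_pki "$tmp" master.example.test
check_cert "$tmp/leaf.pem" "$tmp/bundle.pem" master.example.test  # OK
check_cert "$tmp/leaf.pem" "$tmp/bundle.pem" proxy.example.test   # BAD_HOST
check_cert "$tmp/leaf.pem" "$tmp/root.pem" master.example.test    # BAD_CHAIN
```

Against a live service, save the served certificate with `fetch_served_cert` from the machine that reports the verification error, then pass that file to `check_cert` with the CA bundle and the host name used in the failing URL.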