Publicly trusted wildcard cert and Remote Execution

I’m updating through several version of Foreman. I saw the deprecation warning for “Puppet Run,” and so I’m trying to get Remote Execution working before continuing the updates.

The command successfully runs on the remote node, but it’s never acknowledged. Eventually, it times out and is marked as “failed.” In the log /var/log/foreman-proxy/smart_proxy_dynflow_core.log, the relevant message seems to be:

SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) (RestClient::SSLCertificateNotVerified)

I have a publicly trusted wildcard cert on the Foreman UI (from GoDaddy).

Expected outcome:

A successful command is marked as “successful” as soon as it finishes.


Foreman and proxy: 2.0.3
Remote Execution: 3.2.2

Foreman, Proxy, and Puppet Server are all running on the same system.

Distribution and version:

RHEL 7.6

What I’ve Tried

I’ve seen the following:

It seems to me like the :foreman_ssl_ca: line in /etc/smart_proxy_dynflow_core/settings.yml might be the key. I’ve tried pointing that at a trust chain file for the pubic CA, or at /etc/pki/tls/cert.pem, but it still times out with a certificate verify failed message in the log.