Remote Proxy - SSL Certificate Unexpected Serial

Dmkaz · June 7, 2018, 7:24pm

Problem:
Remote Smart Proxy Ansible job run fails with:

 ERROR -- : SSL certificate with unexpected serial supplied

Proxy settings.yml

---
:settings_directory: "/etc/foreman-proxy/settings.d"
:trusted_hosts: [foreman.internal.xyz.net]
:daemon: true
:bind_host: 0.0.0.0
#:http_port: 8000
port: 8443
:log_level: DEBUG
:ssl_certificate: /etc/foreman-proxy/certs/ansible.internal.xyz.net.pem
:ssl_ca_file: /etc/foreman-proxy/certs/ca.pem
:ssl_private_key: /etc/foreman-proxy/ssl/ansible.internal.xyz.net.pem

Proxy Host’s SSL Cert was generated by running the following on the master foreman host:

puppet cert generate ansible.internal.xyz.net

Any help or guidance would be greatly appreciated. Documentation seems a bit vague in this scenario and from what I’ve searched, it just mentions that the certs need to be generated from the same CA.

Foreman and Proxy versions:

foreman 1.17.1-1
foreman-proxy 1.17.1-1

Foreman and Proxy plugin versions:

foreman-tasks (0.13.1)
foreman-tasks-core (0.2.5)
foreman_ansible_core (2.0.2)
foreman_remote_execution_core (1.1.2)
smart_proxy_ansible (2.0.3)
smart_proxy_dynflow (0.2.0, 0.1.10)
smart_proxy_dynflow_core (0.2.0)

Other relevant data:
Both hosts (master and proxy) running Ubuntu 16.04.4 x64

aruzicka · June 8, 2018, 7:16am

Hello,
smart proxy communicates with another service called smart_proxy_dynflow_core. We have a requirement that these two have to use the same certificate if SSL is used. The error with serial usually appears when they don’t use the same certificate. Try looking into /etc/smart_proxy_dynflow_core/settings.yml and configuring the certs there as well.