Smart-proxy certificate error with connection to Foreman

Problem:

Error: Proxy foreman-proxy cannot be registered: Unable to communicate with the proxy: ERF50-4354 [Foreman::WrappedException]: Unable to read SSL certification or key for proxy communication, check settings for ssl_certificate, ssl_ca_file and ssl_priv_key and ensure they are readable by the foreman user. ([Errno::EACCES]: Permission denied @ rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman01.pem) Please check the proxy is configured and running on the host.
Error: /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman-proxy]/ensure: change from ‘absent’ to ‘present’ failed: Proxy foreman-proxy cannot be registered: Unable to communicate with the proxy: ERF50-4354 [Foreman::WrappedException]: Unable to read SSL certification or key for proxy communication, check settings for ssl_certificate, ssl_ca_file and ssl_priv_key and ensure they are readable by the foreman user. ([Errno::EACCES]: Permission denied @ rb_sysopen - /etc/puppetlabs/puppet/ssl/private_keys/foreman01.pem) Please check the proxy is configured and running on the host.

Expected outcome:

Foreman and Proxy versions:

1.22

Foreman and Proxy plugin versions:

Other relevant data:

logs

I’ve tried to change the key and cert permissions but it didn’t help.

It was solved by copying Puppet’s certificates and changing their group to ‘foreman’. So now Foreman uses a copy of Puppet’s certificates.

Hi There,

Do you have any more detail on your configuration and the way you fixed it? I have the same error with Foreman 1.24.2 and a standalone Puppet and PuppetDB server. Any interaction between Foreman and Puppet or PuppetDB results in this error.

Encountered the same error. Please, any information is appreciated.

2021-08-19 17:30:34 [ERROR ] [configure] Proxy XYZ.net cannot be registered: Unable to communicate with the proxy: ERF50-4354 [Foreman::WrappedException]: Unable to read SSL certification or key for proxy communication, check settings for ssl_certificate, ssl_ca_file and ssl_priv_key and ensure they are readable by the foreman user. ([Errno::EACCES]: Permission denied @ rb_sysopen - /etc/puppetlabs/puppet/ssl/certs/XYZ.net.pem) Please check the proxy is configured and running on the host.
2021-08-19 17:30:34 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[XYZ.net]/ensure: change from ‘absent’ to ‘present’ failed: Proxy XYZ.net cannot be registered: Unable to communicate with the proxy: ERF50-4354 [Foreman::WrappedException]: Unable to read SSL certification or key for proxy communication, check settings for ssl_certificate, ssl_ca_file and ssl_priv_key and ensure they are readable by the foreman user. ([Errno::EACCES]: Permission denied @ rb_sysopen - /etc/puppetlabs/puppet/ssl/certs/XYZ.net.pem) Please check the proxy is configured and running on the host.

Getting this on a new install of Foreman on RHEL 7 (single server for Foreman & proxy).

obol89, how did you tell foreman\puppet the new location of the certificates?

It was a long time ago when I was configuring that, and I might not remember this correctly. I don’t have this configuration any more to check.

As far as I remember, I just copied Puppet’s certificates to the Foreman proxy certificates location and changed (chown) the group for these certificates to “foreman”.

I’m not sure it is the best idea to run a new Foreman install on RHEL 7, as they are planning to deprecate this OS in the near future - Foreman :: Manual
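
A diagnostic for the `Errno::EACCES` quoted in this thread, as an added example that is not part of any post or of Foreman itself: a file can be group-readable and still unreadable when a parent directory denies search permission, so the script walks every path component and reports the first one whose mode bits deny the given user. It assumes classic owner/group/other bits only (no POSIX ACLs, SELinux or root override), and `first_blocker` is a name made up for this example.

```python
import os
import stat

def _allowed(st, uid, gids, want):
    # Kernel rule: exactly one class applies (owner, else group, else other).
    if uid == st.st_uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)

def first_blocker(path, uid, gids):
    """Return (component, reason) for the first path component whose mode
    bits deny uid/gids, or None when the file is readable.
    Assumption: ACLs, SELinux and root's override are not considered."""
    target = os.path.abspath(path)
    chain = [target]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for comp in reversed(chain):            # from "/" down to the file
        st = os.stat(comp)
        want = 4 if comp == target else 1   # read the file, search the dirs
        if not _allowed(st, uid, gids, want):
            need = "read" if want == 4 else "search (x)"
            mode = stat.S_IMODE(st.st_mode)
            return comp, (f"{need} denied: mode {mode:04o} "
                          f"owner {st.st_uid} group {st.st_gid}")
    return None

if __name__ == "__main__":
    # Run as root so every component can be stat'ed, e.g.:
    #   check.py foreman /etc/puppetlabs/puppet/ssl/private_keys/foreman01.pem
    import pwd
    import sys
    user, paths = sys.argv[1], sys.argv[2:]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for p in paths:
        print(p, "->", first_blocker(p, pw.pw_uid, gids) or "readable")
```

Pass the user from the error message and the files configured as ssl_certificate, ssl_ca_file and ssl_priv_key; restart the Foreman service after changing group membership so the new groups take effect for the running process.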