I am trying to call the smart proxy remotely on the smart proxy system. But I am not able to make any calls due to SSL errors.
I am using the same certs specified in the foreman proxy settings file.
curl -vs -key /etc/puppetlabs/puppet/ssl/private_keys/hostname.domain.pem -cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem -cert /etc/puppetlabs/ssl/puppet/certs/hostname.domain.pem https://localhost:8443/puppet/ca <https://localhost:8443/puppet/ca>
What is the SSL issue you have? My smart proxy produces similar output
when running your curl command, but it is functioning properly.
Do you get a certificate if you run openssl against the smart proxy? -
$ openssl s_client -connect localhost:8443
···
On Thursday, January 22, 2015 at 2:13:58 PM UTC-5, Corey Osman wrote:
>
> Hey,
>
> I am trying to call the smart proxy remotely on the smart proxy system.
> But I am not able to make any calls due to SSL errors.
>
> I am using the same certs specified in the foreman proxy settings file.
> curl -vs -key /etc/puppetlabs/puppet/ssl/private_keys/hostname.domain.pem
> -cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem -cert
> /etc/puppetlabs/ssl/puppet/certs/hostname.domain.pem
> https://localhost:8443/puppet/ca
>
>
> Is there something I am not doing here?
>
> < HTTP/1.1 403 Forbidden
> < Content-Type: application/json
> < Content-Length: 34
> < X-Content-Type-Options: nosniff
> < Server: WEBrick/1.3.1 (Ruby/1.9.3/2013-11-22) OpenSSL/1.0.0o
> < Date: Thu, 22 Jan 2015 19:10:47 GMT
> < Connection: Keep-Alive
> <
> * Connection #0 to host localhost left intact
> * Closing connection #0
> No client SSL certificate supplied
>
>
>
> Corey
>
You must provide --cert and others instead of the -cert. Note the two
dash characters. Otherwise I get the very same error.
Otherwise you are actually giving it -c -e -r -t parameters perhaps.
man curl
LZ
···
On Thu, Jan 22, 2015 at 11:13:52AM -0800, Corey Osman wrote:
> Hey,
>
> I am trying to call the smart proxy remotely on the smart proxy system. But I am not able to make any calls due to SSL errors.
>
> I am using the same certs specified in the foreman proxy settings file.
> curl -vs -key /etc/puppetlabs/puppet/ssl/private_keys/hostname.domain.pem -cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem -cert /etc/puppetlabs/ssl/puppet/certs/hostname.domain.pem https://localhost:8443/puppet/ca
>
>
> Is there something I am not doing here?
>
> < HTTP/1.1 403 Forbidden
> < Content-Type: application/json
> < Content-Length: 34
> < X-Content-Type-Options: nosniff
> < Server: WEBrick/1.3.1 (Ruby/1.9.3/2013-11-22) OpenSSL/1.0.0o
> < Date: Thu, 22 Jan 2015 19:10:47 GMT
> < Connection: Keep-Alive
> <
> * Connection #0 to host localhost left intact
> * Closing connection #0
> No client SSL certificate supplied
>
>
>
> Corey
>
> --
> You received this message because you are subscribed to the Google Groups "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.