Ssl: certificate_verify_failed

Problem: After deoplying cetificate I am observing subscription-manager register failed

Expected outcome: Should be register without any issue

Foreman and Proxy versions:

Foreman and Proxy plugin versions:

Distribution and version:

  • ansiblerole-foreman_scap_client-0.3.0-1.el8.noarch
  • candlepin-4.4.20-1.el8.noarch
  • candlepin-selinux-4.4.20-1.el8.noarch
  • dynflow-utils-1.6.3-1.el8.x86_64
  • foreman-3.12.1-1.el8.noarch
  • foreman-cli-3.12.1-1.el8.noarch
  • foreman-dynflow-sidekiq-3.12.1-1.el8.noarch
  • foreman-installer-3.12.1-1.el8.noarch
  • foreman-installer-katello-3.12.1-1.el8.noarch
  • foreman-postgresql-3.12.1-1.el8.noarch
  • foreman-proxy-3.12.1-1.el8.noarch
  • foreman-redis-3.12.1-1.el8.noarch
  • foreman-release-3.12.1-1.el8.noarch
  • foreman-selinux-3.12.1-1.el8.noarch
  • foreman-service-3.12.1-1.el8.noarch
  • katello-4.14.1-1.el8.noarch
  • katello-ca-consumer-tolfrmnapp01.fcc.bss.globalivewireless.local-1.0-1.noarch
  • katello-certs-tools-2.10.0-1.el8.noarch
  • katello-client-bootstrap-1.7.9-2.el8.noarch
  • katello-common-4.14.1-1.el8.noarch
  • katello-host-tools-3.5.4-1.el8sat.noarch
  • katello-repos-4.14.1-1.el8.noarch
  • katello-selinux-5.0.2-1.el8.noarch
  • puppet-foreman_scap_client-1.0.0-2.el8.noarch
  • python3.11-pulp-ansible-0.21.8-1.el8.noarch
  • python3.11-pulp-cli-0.29.2-2.el8.noarch
  • python3.11-pulp-container-2.20.3-1.el8.noarch
  • python3.11-pulp-deb-3.2.1-1.el8.noarch
  • python3.11-pulp-glue-0.29.2-2.el8.noarch
  • python3.11-pulp-python-3.11.3-1.el8.noarch
  • python3.11-pulp-rpm-3.26.1-1.el8.noarch
  • python3.11-pulpcore-3.49.22-1.el8.noarch
  • rubygem-dynflow-1.9.0-1.el8.noarch
  • rubygem-foreman-tasks-9.2.3-1.fm3_12.el8.noarch
  • rubygem-foreman_maintain-1.7.6-1.el8.noarch
  • rubygem-foreman_openscap-9.0.4-1.fm3_12.el8.noarch
  • rubygem-foreman_remote_execution-13.2.5-1.fm3_12.el8.noarch
  • rubygem-hammer_cli-3.12.0-1.el8.noarch
  • rubygem-hammer_cli_foreman-3.12.0-1.el8.noarch
  • rubygem-hammer_cli_foreman_openscap-0.2.1-1.fm3_10.el8.noarch
  • rubygem-hammer_cli_foreman_remote_execution-0.3.0-1.fm3_10.el8.noarch
  • rubygem-hammer_cli_foreman_tasks-0.0.21-1.fm3_11.el8.noarch
  • rubygem-hammer_cli_katello-1.14.3-1.el8.noarch
  • rubygem-katello-4.14.1-1.el8.noarch
  • rubygem-pulp_ansible_client-0.21.7-1.el8.noarch
  • rubygem-pulp_certguard_client-3.49.17-1.el8.noarch
  • rubygem-pulp_container_client-2.20.2-1.el8.noarch
  • rubygem-pulp_deb_client-3.2.1-1.el8.noarch
  • rubygem-pulp_file_client-3.49.17-1.el8.noarch
  • rubygem-pulp_ostree_client-2.3.2-1.el8.noarch
  • rubygem-pulp_python_client-3.11.2-1.el8.noarch
  • rubygem-pulp_rpm_client-3.26.1-1.el8.noarch
  • rubygem-pulpcore_client-3.49.17-1.el8.noarch
  • rubygem-smart_proxy_pulp-3.3.0-1.fm3_10.el8.noarch

Other relevant data:
[root@unixdev consumer]# subscription-manager register
Registering to: foreman.server.com:443/rhsm
Username: admin
Password:
Unable to verify server’s identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)

1 Like

How did you deploy the certificate? What were the exact commands you have used?

1 Like

Also, are you running through a firewall with SSL inspection? What certificate is being presented to rhsm?