Hi,
I'm trying to setup a smart proxy server to control over multiple data
centers.
when i try to add smart proxy in the webui i get an ssl error
Unable to communicate with the proxy: ERF12-2530
[ProxyAPI::ProxyException]: Unable to detect features
([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verif…)
I haven't seen that before, although I am a newbie too.
What is the URL that you've entered when adding the smart-proxy?
What configurations have you set in your smart-proxy settings.yml?
Have you tried to cURL your smart-proxy locally and remotely?
···
On Wednesday, August 13, 2014 2:09:41 PM UTC+3, eliran shlomo wrote:
>
> Hi,
> I'm trying to setup a smart proxy server to control over multiple data
> centers.
> when i try to add smart proxy in the webui i get an ssl error
>
> Unable to communicate with the proxy: ERF12-2530
> [ProxyAPI::ProxyException]: Unable to detect features
> ([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read
> server certificate B: certificate verif...)
>
> anyone saw it before?
>
Sounds like your proxy is using different ssl certs to the ones the
foreman UI uses - normally they would all use the puppet CA as a base.
How did you set this proxy up? was it using the installer, or some
other way?
···
On Wednesday, August 13, 2014 8:05:48 PM UTC+3, Greg Sutcliffe wrote:
>
> Sounds like your proxy is using different ssl certs to the ones the
> foreman UI uses - normally they would all use the puppet CA as a base.
> How did you set this proxy up? was it using the installer, or some
> other way?
>
Was this run on a host provisioned from the puppetmaster on the
foreman server? If it's not got certs signed by the same CA, then I
would indeed expect to get that error.
I thought about it…
so i cleared the ssl on the new proxy, then changed the server to point on
the puppetmaster.
then it signed by the puppetmaster, but still the same error.
Of course plain text works fine.
···
On Thursday, August 14, 2014 12:35:15 PM UTC+3, Greg Sutcliffe wrote:
>
> Was this run on a host provisioned from the puppetmaster on the
> foreman server? If it's not got certs signed by the same CA, then I
> would indeed expect to get that error.
>