Stand alone proxy server

Support
1

Hi,
I'm trying to setup a smart proxy server to control over multiple data
centers.
when i try to add smart proxy in the webui i get an ssl error

Unable to communicate with the proxy: ERF12-2530
[ProxyAPI::ProxyException]: Unable to detect features
([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verif…)

anyone saw it before?

2

I haven't seen that before, although I am a newbie too.

What is the URL that you've entered when adding the smart-proxy?
What configurations have you set in your smart-proxy settings.yml?

Have you tried to cURL your smart-proxy locally and remotely?

··· On Wednesday, August 13, 2014 2:09:41 PM UTC+3, eliran shlomo wrote: > > Hi, > I'm trying to setup a smart proxy server to control over multiple data > centers. > when i try to add smart proxy in the webui i get an ssl error > > Unable to communicate with the proxy: ERF12-2530 > [ProxyAPI::ProxyException]: Unable to detect features > ([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read > server certificate B: certificate verif...) > > anyone saw it before? >
3

Sounds like your proxy is using different ssl certs to the ones the
foreman UI uses - normally they would all use the puppet CA as a base.
How did you set this proxy up? was it using the installer, or some
other way?

4

Hi,
I used foreman-installer
the ssl version is the same in both servers

[root@foreman ~]# rpm -qa | grep openssl
openssl-1.0.1e-16.el6_5.14.x86_64

[root@foremansp ~]# rpm -qa | grep openssl
openssl-1.0.1e-16.el6_5.14.x86_64

Main Config Menu

  1. [✗] Configure foreman_compute_rackspace
  2. [✗] Configure foreman_plugin_bootdisk
  3. [✓] Configure foreman_proxy
  4. [✗] Configure foreman_plugin_chef
  5. [✗] Configure foreman_compute_ovirt
  6. [✗] Configure puppet
  7. [✗] Configure foreman_compute_openstack
  8. [✗] Configure foreman_compute_vmware
  9. [✗] Configure foreman_plugin_templates
  10. [✗] Configure foreman_compute_gce
  11. [✗] Configure foreman_compute_ec2
  12. [✗] Configure foreman_plugin_puppetdb
  13. [✗] Configure foreman_plugin_hooks
  14. [✗] Configure foreman_plugin_setup
  15. [✗] Configure foreman_compute_libvirt
  16. [✗] Configure foreman_plugin_discovery
  17. [✗] Configure foreman
  18. [✗] Configure foreman_plugin_default_hostgroup
  19. Display current config
  20. Save and run
··· On Wednesday, August 13, 2014 8:05:48 PM UTC+3, Greg Sutcliffe wrote: > > Sounds like your proxy is using different ssl certs to the ones the > foreman UI uses - normally they would all use the puppet CA as a base. > How did you set this proxy up? was it using the installer, or some > other way? >
5

Was this run on a host provisioned from the puppetmaster on the
foreman server? If it's not got certs signed by the same CA, then I
would indeed expect to get that error.

6

I thought about it…
so i cleared the ssl on the new proxy, then changed the server to point on
the puppetmaster.
then it signed by the puppetmaster, but still the same error.

Of course plain text works fine.

··· On Thursday, August 14, 2014 12:35:15 PM UTC+3, Greg Sutcliffe wrote: > > Was this run on a host provisioned from the puppetmaster on the > foreman server? If it's not got certs signed by the same CA, then I > would indeed expect to get that error. >