An error occurred attempting to contact the server. More information can be
found in the client log file ~/.pulp/admin.log.

tail -n 23 ~/.pulp/admin.log

2015-09-10 18:18:16,232 - ERROR - Client-side exception occurred
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/pulp/client/extensions/core.py”,
line 478, in run
exit_code = Cli.run(self, args)
File “/usr/lib/python2.7/site-packages/okaara/cli.py”, line 974, in run
exit_code = command_or_section.execute(self.prompt, remaining_args)
File
"/usr/lib/python2.7/site-packages/pulp/client/extensions/extensions.py",
line 224, in execute
return self.method(*arg_list, **clean_kwargs)
File “/usr/lib/python2.7/site-packages/pulp/client/admin/tasks.py”, line
73, in list
task_objects = self.retrieve_tasks(**kwargs)
File “/usr/lib/python2.7/site-packages/pulp/client/admin/tasks.py”, line
251, in retrieve_tasks
tasks = self.context.server.tasks_search.search(fields=self.FIELDS)
File “/usr/lib/python2.7/site-packages/pulp/bindings/tasks.py”, line 138,
in search
tasks = super(TaskSearchAPI, self).search(**kwargs)
File “/usr/lib/python2.7/site-packages/pulp/bindings/search.py”, line
106, in search
response = self.server.POST(self.PATH, {‘criteria’:kwargs})
File “/usr/lib/python2.7/site-packages/pulp/bindings/server.py”, line 98,
in POST
return self._request(‘POST’, path, body=body,
ensure_encoding=ensure_encoding)
File “/usr/lib/python2.7/site-packages/pulp/bindings/server.py”, line
142, in _request
response_code, response_body = self.server_wrapper.request(method, url,
body)
File “/usr/lib/python2.7/site-packages/pulp/bindings/server.py”, line
332, in request
raise exceptions.ConnectionException(None, str(err), None)
ConnectionException: (None, ‘tlsv1 alert unknown ca’, None)

openssl s_client showing no errors at all:

openssl s_client -connect sccm.corp.tander.ru:443 -CAfile

/etc/rhsm/ca/katello-server-ca.pem
[…]
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
[…]
Verify return code: 0 (ok)

I’ll appreciate any ideas on how to get it fixed.
Thanks!

–
Kind regards,
Vladimir.

https://groups.google.com/d/msg/foreman-users/YxlGVHZ6LA4/Ei0K30MLJQAJ

–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

–
Kind regards,
Vladimir.

An error occurred attempting to contact the server. More information can be
found in the client log file ~/.pulp/admin.log.

2015-10-28 09:49:03,897 - ERROR - Client-side exception occurred
Traceback (most recent call last):
File “/usr/lib/python2.6/site-packages/pulp/client/extensions/core.py”,
line 478, in run
exit_code = Cli.run(self, args)
File “/usr/lib/python2.6/site-packages/okaara/cli.py”, line 974, in run
exit_code = command_or_section.execute(self.prompt, remaining_args)
File
"/usr/lib/python2.6/site-packages/pulp/client/extensions/extensions.py",
line 224, in execute
return self.method(*arg_list, **clean_kwargs)
File
"/usr/lib/python2.6/site-packages/pulp/client/commands/repo/cudl.py", line
330, in run
self.display_repositories(**kwargs)
File
"/usr/lib/python2.6/site-packages/pulp/client/commands/repo/cudl.py", line
358, in display_repositories
repo_list = self.get_repositories(query_params, **kwargs)
File
"/usr/lib/python2.6/site-packages/pulp/client/commands/repo/cudl.py", line
420, in get_repositories
repo_list =
self.context.server.repo.repositories(query_params).response_body
File “/usr/lib/python2.6/site-packages/pulp/bindings/repository.py”, line
34, in repositories
return self.server.GET(path, query_parameters)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line 92,
in GET
return self._request(‘GET’, path, queries)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
142, in _request
response_code, response_body = self.server_wrapper.request(method, url,
body)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
332, in request
raise exceptions.ConnectionException(None, str(err), None)
ConnectionException: (None, ‘tlsv1 alert unknown ca’, None)

Tested SSL:

openssl s_client -connect katello.domain.com:443 -CAfile
/etc/pki/katello/certs/katello-default-ca.crt

Verify return code: 0 (ok)

On Thursday, September 10, 2015 at 8:22:44 AM UTC-7, Vladimir Stackov wrote:

Greetings,

just finished upgrade to Foreman 1.9 / Katello 2.3 from Foreman 1.8.2 /
Katelo 2.2.1 and faced strange problem:
tlsv1 alert unknown ca thrown on any interactions with :443.

Here are some examples:

/etc/puppet/node.rb hostname

Could not send facts to Foreman: SSL_connect returned=1 errno=0
state=SSLv3 read server session ticket A: tlsv1 alert unknown ca

subscription-manager refresh

Unable to verify server’s identity: tlsv1 alert unknown ca

pulp-admin tasks list

Warning: path should have mode 0700 because it may contain sensitive
information: /root/.pulp/

±---------------------------------------------------------------------+
Tasks
±---------------------------------------------------------------------+

An error occurred attempting to contact the server. More information can be
found in the client log file ~/.pulp/admin.log.

tail -n 23 ~/.pulp/admin.log

2015-09-10 18:18:16,232 - ERROR - Client-side exception occurred
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/pulp/client/extensions/core.py”,
line 478, in run
exit_code = Cli.run(self, args)
File “/usr/lib/python2.7/site-packages/okaara/cli.py”, line 974, in run
exit_code = command_or_section.execute(self.prompt, remaining_args)
File
"/usr/lib/python2.7/site-packages/pulp/client/extensions/extensions.py",
line 224, in execute
return self.method(*arg_list, **clean_kwargs)
File “/usr/lib/python2.7/site-packages/pulp/client/admin/tasks.py”, line
73, in list
task_objects = self.retrieve_tasks(**kwargs)
File “/usr/lib/python2.7/site-packages/pulp/client/admin/tasks.py”, line
251, in retrieve_tasks
tasks = self.context.server.tasks_search.search(fields=self.FIELDS)
File “/usr/lib/python2.7/site-packages/pulp/bindings/tasks.py”, line
138, in search
tasks = super(TaskSearchAPI, self).search(**kwargs)
File “/usr/lib/python2.7/site-packages/pulp/bindings/search.py”, line
106, in search
response = self.server.POST(self.PATH, {‘criteria’:kwargs})
File “/usr/lib/python2.7/site-packages/pulp/bindings/server.py”, line
98, in POST
return self._request(‘POST’, path, body=body,
ensure_encoding=ensure_encoding)
File “/usr/lib/python2.7/site-packages/pulp/bindings/server.py”, line
142, in _request
response_code, response_body = self.server_wrapper.request(method,
url, body)
File “/usr/lib/python2.7/site-packages/pulp/bindings/server.py”, line
332, in request
raise exceptions.ConnectionException(None, str(err), None)
ConnectionException: (None, ‘tlsv1 alert unknown ca’, None)

openssl s_client showing no errors at all:

openssl s_client -connect sccm.corp.tander.ru:443 -CAfile

/etc/rhsm/ca/katello-server-ca.pem
[…]
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
[…]
Verify return code: 0 (ok)

I’ll appreciate any ideas on how to get it fixed.
Thanks!

–
Kind regards,
Vladimir.