Windows smart-proxy certificate verification and Katello

I keep getting a cetificate verification error on a Windows smart-proxy 1.17 with Katello. We have MS DHCP and DNS services that we need to proxy. The documentation I’ve read seems to all be for linux but I can’t find anything about installing it for Windows. We have an older Foreman server (no Katello) that we got it working for last year but I’ve been stuck on this for the past few days.

I’ve tried using a cert I created with puppet. I’ve tried foreman-proxy-certs-generate and extracting the certs from the tar/rpms that are generated. The katello server is a RHEL7 machine and I’ve put the puppet CA and the Katello CA in /etc/pki/ca-trust/source/anchors

If I use curl and connect to the smart proxy from the katello server, it returns the features.

I’m sure it’s something simple like using the wrong cert on the Windows proxy or the CAs aren’t in the correct location. Just to be sure, I enabled http and was able to add the smart-proxy in foreman.

I’ll try to add more information as I can but I can’t connect to from my work network so I’'ll have to update later when I can get to a different network.

Foreman and Proxy versions:

Katello 3.6 (Foreman 1.17), smart-proxy 1.17

Other relevant data:

[RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=error: certificate verify failed