On 28/07/16 16:08, Sai Krishna wrote: > # see http://theforeman.org/projects/smart-proxy/wiki/SSL for > more information > > :ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem > > :ssl_certificate: /var/lib/puppet/ssl/certs/puppetmaster.com.pem > > :ssl_private_key: > /var/lib/puppet/ssl/private_keys/puppetmaster.com.pem > > :trusted_hosts: > > - foremanserver.com > > # Endpoint for reverse communication > > :foreman_url: https://foremanserver.com > > I have replaced the puppetmaster certificates > /var/lib/puppet/ssl/certs/ca.pem , > /var/lib/puppet/ssl/certs/puppetmaster.pem, > /var/lib/puppet/ssl/private_keys/puppetmaster.pem with foreman > server certificates. which are also mentioned in settings.yml. > after this I have ran the foreman installer again enabling > puppet and foreman- proxy but still the error is same after > finishing the foreman installer installation. As you said I have > checked the ruby-kafo it is to the latest 0.9.1. On the > puppetmaster the smart proxy is running but when trying to add > in the foreman gui it is throwing same error. Let me know you > want me to check any other configuration settings or cert > settings. according to the error there is something wrong with > certificates configuration but not sure where to make changes. > > > error on foreman gui > *Unable to save* > Unable to communicate with the proxy: ERF12-2530 > [ProxyAPI::ProxyException]: Unable to detect features > ([OpenSSL::SSL::SSLError]: hostname "nyrhdv146.cusa.canon.com" does not > match the server certificate) for proxy > https://nyrhdv146.cusa.canon.com:8443/features > Please check the proxy is configured and running on the host.
This is a different error. It states that the hostname you're entering in the Foreman UI is different to the hostname on the certificates. Your later response says you're using "puppet cert generate new-puppetmaster.example.com", which means you would need to use that hostname (new-puppetmaster.example.com) when adding the smart proxy. If the hostname you're adding is actually "nyrhdv146.cusa.canon.com" then you should use "puppet cert generate nyrhdv146.cusa.canon.com" too. -- Dominic Cleal [email protected] -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
