On 01/08/16 15:34, Sai Krishna wrote: > Hello, > > > I have generated certificates in foreman server according to the > puppetmaster hostname. The smart proxy (puppetmaster) has added to > the smart proxy list in foreman GUI. Error is resolved. > > > > After that when am trying to add Puppet classes am getting > below *error on Foreman GUI.* > > > *Error: *ERF12-2749 [ProxyAPI::ProxyException]: Unable to get > environments from Puppet ([RestClient::NotAcceptable]: 406 Not > Acceptable) for proxy https://puppetmaster.exapmle.com > <http://puppetmaster.exapmle.com/>:8443/puppet > > *Below is error in /var/log/foreman-proxy/proxy.log* > > E, [2016-07-29T15:03:44.169966 #30702] ERROR -- : Failed to list puppet > environments: SSL_connect returned=1 errno=0 state=SSLv3 read server > certificate B: certificate verify failed > I, [2016-07-29T15:03:44.170369 #30702] INFO -- : 1x.1xx.xxx.xxx - - > [29/Jul/2016:15:03:44 -0400] "GET /puppet/environments HTTP/1.1" 406 131 > 0.0063 > E, [2016-07-29T15:17:08.632367 #30702] ERROR -- : > OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv2/v3 > read client hello A: unknown protocol > /usr/share/ruby/openssl/ssl.rb:226:in `accept'
What configuration do you have set in /etc/foreman-proxy/settings.d/puppet_proxy_puppet_api.yml? This is the smart proxy unable to communicate with Puppet Server. > *Below has other error when I have tried curl * > curl -v https://puppetmaster.exapmle.com:8443/puppet > <https://puppetmaster.exapmle.com:8443/puppet> [..] > * *NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)* > * *Peer's certificate issuer has been marked as not trusted by the user.* > If you'd like to turn off curl's verification of the certificate, use > the -k (or --insecure) option. You would need to follow this advice, and set --key, --cert etc to access the smart proxy API. I don't think you need to do this, Foreman does it fine. -- Dominic Cleal [email protected] -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
