Update: when I use the foreman-installer without Katello, I can add my DHCP proxy without problems:

foreman-installer --scenario foreman --foreman-admin-password test

On Wednesday, 24 May 2017 15:12:11 UTC+2, Vincenzo Z wrote:
>
> Hello,
>
> I'm trying to install katello/foreman with a DHCP smart-proxy located on
> another server.
>
> My first attempt was to use a certificate signed by our internal CA with
> this command:
> foreman-installer --scenario katello --foreman-admin-password test
> --certs-server-cert "/root/katello_certs/katello2.example.com.crt"
> --certs-server-cert-req "/root/katello_certs/katello2.example.com.csr"
> --certs-server-key "/root/katello_certs/katello2.example.com.key"
> --certs-server-ca-cert "/root/katello_certs/cacert.pem"
>
> Installation was successful and I was able to connect to my foreman web
> interface without SSL warnings.
>
> The next step was to set up the connection between my foreman and my DHCP
> smart-proxy:
>
> So I followed the steps documented here
> https://theforeman.org/manuals/1.15/index.html#4.3SmartProxies
>
> generate my cert on my foreman server:
>
> puppet cert generate dhcp.example.com
>
> copy cert, ca and key to the /etc/foreman-proxy/ssl directory on my DHCP
> smart-proxy
>
> edit my setting.yml config file like this:
>
> ---
> :settings_directory: "/etc/foreman-proxy/settings.d"
> :daemon: true
> :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
> :bind_host: '*'
> :https_port: 8443
> :ssl_certificate: /etc/foreman-proxy/ssl/dhcp.example.com.pem
> :ssl_ca_file: /etc/foreman-proxy/ssl/ca.pem
> :ssl_private_key: /etc/foreman-proxy/ssl/dhcp.example.com.key
> :trusted_hosts:
> - katello2.example.com
> :log_file: /var/log/foreman-proxy/proxy.log
> :log_level: DEBUG
>
> open firewall ports
>
> When I try to connect from my foreman web interface with this URL
> https://dhcp.example.com:8443
>
> I get this error message in the log file of my DHCP smart-proxy:
>
> "OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=unknown
> state: tlsv1 alert unknown ca"
>
> It's maybe a CA issue because I'm playing with an internal CA, so I tried
> with the self-signed certificates generated with the foreman/katello
> installation:
>
> foreman-installer --scenario katello --foreman-admin-password "test"
>
> Same error.
>
> I think I'm missing something in the smart-proxy setup and I'm not using
> the right certificates.
>
> I probably don't use the same CA to sign my foreman certificate and my
> DHCP smart-proxy certificate.
>
> Can somebody point me in the right direction to solve this problem?
>
> Best regards,
>
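One way to test the hypothesis raised in the message above, that the smart-proxy certificate and the Foreman side do not share a CA. This is an added example, not part of the original thread: the two throwaway CAs (`puppet-ca`, `katello-ca`), the temporary paths and the helper names are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs stand in for the Puppet CA and the CA
# used by the Katello installer. All names and paths here are hypothetical.

make_ca() {      # make_ca DIR NAME -> DIR/NAME.pem and DIR/NAME.key
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue_cert() {   # issue_cert DIR CA_NAME HOST -> DIR/HOST.pem signed by CA_NAME
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/$3.csr" -CA "$1/$2.pem" \
        -CAkey "$1/$2.key" -CAcreateserial -out "$1/$3.pem" 2>/dev/null
}

# signed_by CERT CA_FILE: succeeds only if CERT chains to a CA in CA_FILE.
signed_by() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# report CERT CA_FILE: show the cert's issuer, the CA's subject, and the verdict.
report() {
    openssl x509 -noout -issuer -in "$1"
    openssl x509 -noout -subject -in "$2"
    if signed_by "$1" "$2"; then
        echo "OK: certificate chains to this CA"
    else
        echo "MISMATCH: a peer trusting only this CA rejects the certificate (unknown ca)"
    fi
}

demo_dir=$(mktemp -d)
make_ca "$demo_dir" puppet-ca
make_ca "$demo_dir" katello-ca
issue_cert "$demo_dir" puppet-ca dhcp.example.com   # like 'puppet cert generate'

report "$demo_dir/dhcp.example.com.pem" "$demo_dir/puppet-ca.pem"
report "$demo_dir/dhcp.example.com.pem" "$demo_dir/katello-ca.pem"
rm -rf "$demo_dir"
```

On real hosts, call `report` with the proxy certificate and the CA file the Foreman side is configured to trust in place of the generated files.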
