Hi

Please see what error I'm getting

root@dev-qua-za-centos7:/etc/cron.d# /usr/bin/foreman_scap_client 1
File /var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml is missing. Downloading it from proxy.
Download SCAP content xml from: https://foreman.qualica.com:9090/compliance/policies/1/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e
SCAP content is missing and download failed with error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

root@dev-qua-za-centos7:/etc/cron.d# cat /etc/foreman_scap_client/config.yaml
# DO NOT EDIT THIS FILE MANUALLY
# IT IS MANAGED BY PUPPET

# Foreman proxy to which reports should be uploaded
:server: 'foreman.qualica.com'
:port: 9090

## SSL specific options ##
# Client CA file.
# It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
# Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
:ca_file: '/var/lib/puppet/ssl/certs/ca.pem'
# Client host certificate.
# It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
# Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
:host_certificate: '/var/lib/puppet/ssl/certs/dev-qua-za-centos7.dc.qualica.com.pem'
# Client private key
# It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
# Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
:host_private_key: '/var/lib/puppet/ssl/private_keys/dev-qua-za-centos7.dc.qualica.com.pem'
# policy (key is id as in Foreman)

1:
  :profile: 'xccdf_org.ssgproject.content_profile_pci-dss'
  :content_path: '/var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml'
  # Download path
  # A path to download SCAP content from proxy
  :download_path: '/compliance/policies/1/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e'

On Monday, 10 July 2017 17:10:30 UTC+2, Sai Krishna wrote:
>
> Hi
>
> In my situation I have manually changed the profile details in
> /etc/foreman_scap_client/config.yaml file that's the reason I have faced
> errors. I have then created a host group in foreman and assigned required
> profile and ran puppet agent from CLI in respective node. Make sure you
> provide correct cert details.
>
> Let me know how it went.
>
> Sai Krishna
>
> On Mon, Jul 10, 2017 at 7:05 AM, Phillip Smith <[email protected]> wrote:
>
>> Hi
>>
>> I am having the exact same issue, have you found a solution yet?
>>
>>
>> On Thursday, 15 June 2017 17:29:01 UTC+2, Sai Krishna wrote:
>>>
>>> Hello everyone,
>>>
>>> I have installed openscap plugin for existing foreman 1.15 and trying to
>>> get the compliance report for a server, facing few issues during this
>>> process.
>>>
>>> Having trouble assigning policy to host, it's not loading to select the
>>> existing policy.
>>>
>>> So I have tried from command line by running
>>> /usr/bin/foreman_scap_client 1
>>>
>>> below is the config file /etc/foreman_scap_client/config.yaml
>>>
>>> # DO NOT EDIT THIS FILE MANUALLY
>>> # IT IS MANAGED BY PUPPET
>>>
>>> # Foreman proxy to which reports should be uploaded
>>> :server: 'foremanproxy.example.com'
>>> :port: 8443
>>>
>>> ## SSL specific options ##
>>> # Client CA file.
>>> # It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
>>> # Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
>>> :ca_file: '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
>>> # Client host certificate.
>>> # It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
>>> # Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
>>> :host_certificate: '/etc/puppetlabs/puppet/ssl/certs/localhost.example.com.pem'
>>> # Client private key
>>> # It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
>>> # Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
>>> :host_private_key: '/etc/puppetlabs/puppet/ssl/private_keys/localhost.example.com.pem'
>>> # policy (key is id as in Foreman)
>>>
>>> 1:
>>>   :profile: ''
>>>   :content_path: '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'
>>>   # Download path
>>>   # A path to download SCAP content from proxy
>>>   :download_path: '/compliance/policies/1/content'
>>>   :tailoring_path: ''
>>>   :tailoring_download_path: ''
>>>
>>>
>>> root localhost [~] # /usr/bin/foreman_scap_client 1
>>> DEBUG: running: oscap xccdf eval --results-arf
>>> /tmp/d20170615-1073-zzt674/results.xml
>>> /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
>>> WARNING: Skipping
>>> http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml
>>> file which is referenced from XCCDF content
>>> DEBUG: running: /usr/bin/bzip2 /tmp/d20170615-1073-zzt674/results.xml
>>> Uploading results to https://foreman.example.com:8443/compliance/arf/1
>>>
>>> At https://foreman.example.com:8443/compliance/arf/1 it throws a
>>> message as " No client SSL certificate supplied "
>>>
>>> Below are logs from foreman-proxy server
>>> /var/log/foreman-proxy/proxy.log
>>>
>>> https://pastebin.com/uFLAZffP
>>>
>>> Can anyone please help me with this.
>>>
>>> Thank you
>>> Sai Krishna
>>>
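
An offline consistency check for the three TLS settings in the config.yaml files quoted in this thread, as an added example (not part of any poster's message and not foreman_scap_client code). It assumes the Puppet layout shown above, where the CA in ca_file also issued the host certificate; `load_scap_config`, `check_scap_tls` and `server_cert_path` are hypothetical names.

```ruby
require 'openssl'
require 'yaml'

# config.yaml keys are Ruby symbols (":ca_file:"), so Symbol must be
# permitted explicitly when loading the file safely.
def load_scap_config(path)
  YAML.safe_load(File.read(path), permitted_classes: [Symbol])
end

# Returns a list of problems; an empty list means the local TLS material is
# consistent. server_cert_path is optional and hypothetical: a PEM copy of the
# proxy's certificate, saved to a file so it can be checked offline.
def check_scap_tls(config, server_cert_path = nil)
  problems = []
  paths = %i[ca_file host_certificate host_private_key].to_h { |k| [k, config[k].to_s] }
  paths.each do |name, path|
    problems << "#{name}: #{path.inspect} is not a readable file" unless File.file?(path) && File.readable?(path)
  end
  return problems unless problems.empty?

  store = OpenSSL::X509::Store.new
  store.add_file(paths[:ca_file]) # trust only the configured CA
  cert = OpenSSL::X509::Certificate.new(File.read(paths[:host_certificate]))
  key = OpenSSL::PKey.read(File.read(paths[:host_private_key]))

  # A mismatched key cannot be used with this certificate for client authentication.
  problems << 'host_private_key does not match host_certificate' unless cert.check_private_key(key)
  # Assumption: the CA in ca_file also issued the host certificate (Puppet layout).
  problems << "host_certificate not trusted by ca_file: #{store.error_string}" unless store.verify(cert)
  if server_cert_path
    # The same kind of chain check that reports "certificate verify failed" at connect time.
    server = OpenSSL::X509::Certificate.new(File.read(server_cert_path))
    problems << "server certificate not trusted by ca_file: #{store.error_string}" unless store.verify(server)
  end
  problems
rescue OpenSSL::OpenSSLError => e
  problems << "could not parse PEM material: #{e.message}"
end
```

On a client, `check_scap_tls(load_scap_config('/etc/foreman_scap_client/config.yaml'))` returning an empty list rules out the local files, which leaves the certificate presented by the proxy as the thing to compare against ca_file.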
