Thanks for for clearing that up, it was a cert miss-match issue, it is working now :)
On Thursday, 13 July 2017 14:19:30 UTC+2, [email protected] wrote: > > > I know it's not much, but here is some more information about the problem: > > 1. The error from pastebin is OpenSSL::SSL::SSLError at /compliance/arf/1 > 2. It comes from > /usr/share/gems/gems/smart_proxy_openscap-0.6.4/lib/smart_proxy_openscap/foreman_forwarder.rb > > send_request method > > It looks like a misconfiguration of foreman and proxy certificates, > although I don't know the exact reason for this. > > > > On Thursday, July 13, 2017 at 11:23:08 AM UTC+3, Phillip Smith wrote: >> >> More output information. >> >> https://pastebin.com/eJrCD6tB >> >> On Wednesday, 12 July 2017 11:32:14 UTC+2, Phillip Smith wrote: >>> >>> Hi >>> >>> Please can someone assist. >>> >>> [root@foreman foreman]# /usr/bin/foreman_scap_client 1 >>> DEBUG: running: oscap xccdf eval --profile >>> xccdf_org.ssgproject.content_profile_standard --results-arf >>> /tmp/d20170712-3398-r7bvwl/results.xml >>> /var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml >>> WARNING: Skipping >>> http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml >>> file which is referenced from XCCDF content >>> DEBUG: running: /usr/bin/bzip2 /tmp/d20170712-3398-r7bvwl/results.xml >>> Uploading results to https://foreman.qualica.com:9090/compliance/arf/1 >>> >>> Upload failed: 500 "Internal Server Error " >>> >>> >>> [root@foreman foreman]# rpm -qa | grep scap >>> openscap-scanner-1.2.10-3.el7_3.x86_64 >>> tfm-rubygem-foreman_openscap-0.7.4-1.fm1_15.el7.noarch >>> rubygem-foreman_scap_client-0.3.0-1.el7.noarch >>> perl-Pod-Escapes-1.04-291.el7.noarch >>> rubygem-smart_proxy_openscap-0.6.4-1.el7.noarch >>> rubygem-openscap-0.4.7-1.el7.noarch >>> openscap-1.2.10-3.el7_3.x86_64 >>> scap-security-guide-0.1.30-5.el7.centos.noarch >>> >>> [root@foreman foreman]# cat /etc/foreman_scap_client/config.yaml >>> # DO NOT EDIT THIS FILE MANUALLY >>> # IT IS MANAGED BY PUPPET >>> >>> # Foreman proxy to which reports should be uploaded >>> :server: 'foreman.qualica.com' >>> :port: 9090 >>> >>> ## SSL specific options ## >>> # Client CA file. >>> # It could be Puppet CA certificate (e.g., >>> '/var/lib/puppet/ssl/certs/ca.pem') >>> # Or (recommended for client reporting to Katello) subscription manager >>> CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem') >>> :ca_file: '/etc/foreman/proxy_ca.pem' >>> # Client host certificate. >>> # It could be Puppet agent host certificate (e.g., >>> '/var/lib/puppet/ssl/certs/myhost.example.com.pem') >>> # Or (recommended for client reporting to Katello) consumer certificate >>> (e.g., '/etc/pki/consumer/cert.pem') >>> :host_certificate: '/etc/foreman/client_cert.pem' >>> # Client private key >>> # It could be Puppet agent private key (e.g., >>> '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem') >>> # Or (recommended for client reporting to Katello) consumer private key >>> (e.g., '/etc/pki/consumer/key.pem') >>> :host_private_key: '/etc/foreman/client_key.pem' >>> >>> # policy (key is id as in Foreman) >>> >>> 1: >>> :profile: 'xccdf_org.ssgproject.content_profile_standard' >>> :content_path: >>> '/var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml' >>> # Download path >>> # A path to download SCAP content from proxy >>> :download_path: >>> '/compliance/policies/1/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e' >>> :tailoring_path: '' >>> :tailoring_download_path: '' >>> >>> >>> Kind Regards >>> Phillip Smith >>> >> -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
