The SSL on your proxy has to be generated from the same key. For exemple, I have 2 puppet masters, and I wanted to bind both of them on the same foreman. I generated SSL on the 1st (he also has foreman, so in the settings.yaml I configured it to use puppet SSL) and on the 2nd master, I put the SSL CA for my 1st master and he generated his own SSL certs.
On the 1st : puppet cert generate puppetmaster01.test.ca --allow-dns-alt-names --dns_alt_names=puppetmaster01.test.ca,puppetmaster02.test.ca On the 2nd : I took the content of /etc/puppetlabs/puppet/ssl/ca and I installed it at the same place on the 2nd. After that I just run this command to generate the SSL : puppet cert generate puppetmaster02.test.ca Conclusion : The SSL of your 2nd proxy has to be generated from the same CA as your foreman server I hope it can help you Le samedi 29 octobre 2016 04:20:49 UTC-4, Vitaly Volodenkov a écrit : > Hi, we have issue to "Run Job" from Foreman GUI. > What we get on remote "Smart proxy": > D, [2016-10-28T16:33:41.869376 #143273] DEBUG -- : Rack::Handler::WEBrick > is mounted on /. > I, [2016-10-28T16:33:41.869464 #143273] INFO -- : > WEBrick::HTTPServer#start: pid=143273 port=8443 > D, [2016-10-28T16:33:45.559566 #143273] DEBUG -- : accept: > 176.227.208.106:45102 > D, [2016-10-28T16:33:45.617026 #143273] DEBUG -- : Rack::Handler::WEBrick > is invoked. > E, [2016-10-28T16:33:45.731145 #143273] ERROR -- : SSL certificate with > unexpected serial supplied > [2016-10-28 16:33:45.732 #143273] INFO -- 176.227.208.106 - - > [28/Oct/2016 16:33:45] "GET /dynflow/tasks/count?state=running HTTP/1.1" > 403 59 0.0018 > > We have tried to disable: require_ssl_smart_proxies, but no luck. > > Could you help us? > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
