Bug #19450

Failed to show puppet environment: SSL_CTX_use_PrivateKey

Added by Sophian Mehboub about 5 years ago. Updated almost 4 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Installer

Description

Hello Everybody,

I do

curl -vs --key /etc/foreman-proxy/foreman_ssl_key.pem --cacert /etc/foreman-proxy/foreman_ssl_ca.pem --cert /etc/foreman-proxy/foreman_ssl_cert.pem https://puppet.example.com:9090/features

It works well

and when I do

curl -vs --key /etc/foreman-proxy/foreman_ssl_key.pem --cacert /etc/foreman-proxy/foreman_ssl_ca.pem --cert /etc/foreman-proxy/foreman_ssl_cert.pem https://puppet.example.com:9090/puppet/environments

I get this error

Failed to list puppet environments: SSL_CTX_use_PrivateKey: key values mismatch

Can anyone help me?

CentOS Linux release 7.2.1511
puppetserver-2.7.2-1
puppet-agent-1.10.0-1
foreman-proxy-1.14.3-1
foreman-proxy-content-3.3.1-1

I have foreman smart proxy with katello, and a smart proxy with puppetca and master.
I have the same result from puppet.example.com or katello.example.com.

History

#1 Updated by Dominic Cleal about 5 years ago

  • Tracker changed from Bug to Support
  • Project changed from Foreman to Smart Proxy

This may indicate a misconfiguration of the SSL certificate and key used to access the Puppet server API. Check that the certificate and private key referred to in /etc/foreman-proxy/settings.d/puppet_proxy_puppet_api.yml are the correct pair. The OpenSSL error indicates they don't match.

(Check other keys/certs used by the smart proxy, but in all likelihood it's those when using the Puppet API.)

Please prefer the mailing list or IRC channel for support queries, see https://theforeman.org/support.html for details.
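
The pairing check suggested in comment #1, as an added example that is not part of the original thread or Foreman's own code: it reads the certificate and key paths from a smart proxy settings file and compares the public key inside the certificate with the one derived from the private key. The `:puppet_ssl_cert:` and `:puppet_ssl_key:` setting names and all function names are assumptions, not taken from this page.

```shell
#!/bin/sh
# Added example: check that a certificate and a private key are a matching pair.
# Usage: sh check_pair.sh /etc/foreman-proxy/settings.d/puppet_proxy_puppet_api.yml

# Print a SHA-256 fingerprint of the public key held by a cert or a private key.
# $1 = "cert" or "key", $2 = PEM file. Exits 2 if the file cannot be parsed.
pubkey_fp() (
  case "$1" in
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    *)    exit 2 ;;
  esac
  [ -n "$pem" ] || exit 2
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
)

# Return 0 if cert $1 and key $2 share a public key, 1 if not, 2 if unreadable.
cert_key_match() (
  c=$(pubkey_fp cert "$1") || exit 2
  k=$(pubkey_fp key "$2") || exit 2
  [ "$c" = "$k" ]
)

# Read the value of ":<name>: <value>" from a settings file (assumed key format).
settings_value() {
  sed -n "s/^:$2:[[:space:]]*//p" "$1" | tr -d "\"'" | head -n 1
}

# Check the pair configured in a settings file; exit status as cert_key_match.
check_puppet_api_settings() (
  cert=$(settings_value "$1" puppet_ssl_cert)
  key=$(settings_value "$1" puppet_ssl_key)
  if [ -z "$cert" ] || [ -z "$key" ]; then
    echo "puppet_ssl_cert/puppet_ssl_key not set in $1" >&2; exit 2
  fi
  rc=0; cert_key_match "$cert" "$key" || rc=$?
  case "$rc" in
    0) echo "OK: certificate and key are a pair" ;;
    1) echo "MISMATCH: $key is not the key for $cert" >&2 ;;
    *) echo "UNREADABLE: cannot parse $cert or $key" >&2 ;;
  esac
  exit "$rc"
)

# Run the check only when a settings file is given on the command line.
if [ "$#" -gt 0 ]; then check_puppet_api_settings "$1"; fi
```

The comparison only needs read access to the two files; run it as a user that can read the private key, and it never prints key material, only the verdict.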

#2 Updated by Sophian Mehboub about 5 years ago

These are the key and the certificate generated by the foreman-installer.

#3 Updated by Anonymous about 5 years ago

  • Project changed from Smart Proxy to Katello

katello ssl setup related

#4 Updated by Justin Sherrill about 5 years ago

  • Tracker changed from Support to Bug
  • Category set to Installer
  • Status changed from New to Need more information

Did you install with custom certificates? Do you happen to know the full foreman-proxy command you used to install the server?

#5 Updated by Justin Sherrill almost 5 years ago

  • Legacy Backlogs Release (now unused) set to 166

#6 Updated by Eric Helms almost 5 years ago

  • Status changed from Need more information to Rejected
