Bug #26978

open

Error occurred: Neither PUB key nor PRIV key: nested asn1 error (openscap)

Added by Sven Vogel over 5 years ago. Updated over 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

Problem:
We try to use OpenSCAP with Foreman/Katello, and the installation looks good, but we got the following error.

Maybe there is a problem with the certificates. The system is registered with subscription-manager without any problem.
I found this article https://access.redhat.com/solutions/2175231 but it's old and I think no longer relevant. You can see my config files below.

Maybe I need to change or reset something that happened with the certificates.

Any ideas or help?

Error occurred: Neither PUB key nor PRIV key: nested asn1 error

Expected outcome:
No Error 🙂

Foreman and Proxy versions:
Foreman: 1.21.3
Katello: 3.11
OpenScap: 0.7.1

Foreman and Proxy plugin versions:
Proxy: 1.21.3

Other relevant data:
/etc/foreman_scap_client/config.yaml

# Client private key
# It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
# Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
:host_private_key: '/etc/pki/consumer/key.pem'

# policy (key is id as in Foreman)

3:
  :profile: 'xccdf_org.ssgproject.content_profile_stig-rhel7-disa'
  :content_path: '/var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml'
  # Download path
  # A path to download SCAP content from proxy
  :download_path: '/compliance/policies/3/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e'
  :tailoring_path: ''
  :tailoring_download_path: ''

4:
  :profile: 'xccdf_org.ssgproject.content_profile_hipaa'
  :content_path: '/var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml'
  # Download path
  # A path to download SCAP content from proxy
  :download_path: '/compliance/policies/4/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e'
  :tailoring_path: ''
  :tailoring_download_path: ''
---
:enabled: https

# Log file for the forwarding script.
:openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log

# Directory where OpenSCAP audits are stored
# if they failed to post to Foreman. smart_proxy_openscap_send will
# try to re-send them.
:spooldir: /var/spool/foreman-proxy/openscap

# Directory where OpenSCAP content XML are stored
# So we will not request the XML from Foreman each time
:contentdir: /var/lib/foreman-proxy/openscap/content

# Directory where OpenSCAP report XML are stored
# So Foreman can request arf xml reports
:reportsdir: /var/lib/foreman-proxy/openscap/reports

# Directory where OpenSCAP report XML are stored
# In case sending to Foreman succeeded, yet failed to save to reportsdir
:failed_dir: /var/lib/foreman-proxy/openscap/failed

# Directory where corrupted OpenSCAP report XML are stored
# when proxy cannot parse the report sent by client
:corrupted_dir: /var/lib/foreman-proxy/openscap/corrupted

# Proxy name to send to Foreman with parsed report
# Foreman matches it against names of registered proxies to find the report source
:registered_proxy_name: katello01.example.com

# Proxy url to send to Foreman with parsed report
# Foreman matches it against urls of registered proxies to find the report source
:registered_proxy_url: https://katello01.example.com:9090

# Timeout to send ARF reports to Foreman, in seconds
:timeout: 60

s_client is working

openssl s_client -connect katello01.example.com:9090 -CAfile /etc/rhsm/ca/katello-server-ca.pem -cert /etc/pki/consumer/cert.pem -key /etc/pki/consumer/key.pem
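
One way to test the certificate suspicion raised in the report, as an added example that is not part of the original report or of foreman_scap_client. It assumes the message comes from Ruby's OpenSSL binding failing to parse the file named in `:host_private_key`; the helper names and the sample key pair are constructed for illustration.

```ruby
require 'openssl'

# Report which PEM blocks a file holds and whether a usable private key parses.
# Returns { labels: [...], key: OpenSSL::PKey or nil, error: String or nil }.
def inspect_key_pem(pem)
  labels = pem.scan(/^-----BEGIN ([A-Z0-9 ]+)-----/).flatten
  result = { labels: labels, key: nil, error: nil }
  if labels.empty?
    result[:error] = 'no PEM block found (empty, DER-encoded or truncated file)'
  elsif labels.none? { |l| l.end_with?('PRIVATE KEY') }
    result[:error] = "no private key block, found: #{labels.join(', ')}"
  elsif labels.include?('ENCRYPTED PRIVATE KEY') || pem.include?('Proc-Type: 4,ENCRYPTED')
    result[:error] = 'private key is passphrase protected'
  else
    begin
      result[:key] = OpenSSL::PKey.read(pem)
    rescue OpenSSL::PKey::PKeyError => e
      result[:error] = "key block does not parse: #{e.message}"
    end
  end
  result
end

# True when the certificate's public key belongs to the given private key.
def key_matches_cert?(key, cert_pem)
  OpenSSL::X509::Certificate.new(cert_pem).check_private_key(key)
end

# Constructed sample pair, generated at run time (not data from the report).
def sample_pair
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=client.example.com')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key.to_pem, cert.to_pem]
end

if $PROGRAM_NAME == __FILE__
  key_pem, cert_pem = sample_pair
  good = inspect_key_pem(key_pem)
  puts "key file:          #{good[:labels].inspect} match=#{key_matches_cert?(good[:key], cert_pem)}"
  puts "cert in its place: #{inspect_key_pem(cert_pem)[:error]}"
  puts "empty file:        #{inspect_key_pem('')[:error]}"
end
```

To check a real host, pass `File.read` of the path set in `:host_private_key` and of the matching certificate instead of the sample pair.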