Make sure SSL is enabled in foreman-proxy:

:enabled: https

In some cases the Foreman web interface fails to list the host certificates in the "infrastucture"=>"Puppet CA" section. Instead of listing the host certificates it may show the following error:

Failure: ERF50-5345 [Foreman::WrappedException]: Unable to connect ([ProxyAPI::ProxyException]: ERF12-5356 [ProxyAPI::ProxyException]: Unable to get PuppetCA certificates ([RestClient::NotAcceptable]: 406 Not Acceptable) for proxy ...

This is most likely due to missing sudo permissions for the local user foreman-proxy. Make sure that

1. The sudo permissions are correct, ie the file /etc/sudoers.d/foreman-proxy contains

foreman-proxy ALL = (root) NOPASSWD : /opt/puppetlabs/bin/puppetserver ca *
Defaults:foreman-proxy !requiretty

2. The sudo permissions apply for local users, ie /etc/security/access.conf contains