Hi

Hope you have tried this https://access.redhat.com/solutions/2109131
The above should work if you're using Red Hat Satellite Server as Foreman.

Which version of Puppet are you using? If it is 4.x, the certs location should be
something like this: /etc/puppetlabs/puppet/ssl/certs/

On Tue, Jul 11, 2017 at 4:53 AM, Phillip Smith <[email protected]> wrote:
> Hi
>
> Please see what error I'm getting
>
> root@dev-qua-za-centos7:/etc/cron.d# /usr/bin/foreman_scap_client 1
> File /var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml is missing. Downloading it from proxy.
> Download SCAP content xml from: https://foreman.qualica.com:9090/compliance/policies/1/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e
> SCAP content is missing and download failed with error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
>
> root@dev-qua-za-centos7:/etc/cron.d# cat /etc/foreman_scap_client/config.yaml
> # DO NOT EDIT THIS FILE MANUALLY
> # IT IS MANAGED BY PUPPET
>
> # Foreman proxy to which reports should be uploaded
> :server: 'foreman.qualica.com'
> :port: 9090
>
> ## SSL specific options ##
> # Client CA file.
> # It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
> # Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
> :ca_file: '/var/lib/puppet/ssl/certs/ca.pem'
> # Client host certificate.
> # It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
> # Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
> :host_certificate: '/var/lib/puppet/ssl/certs/dev-qua-za-centos7.dc.qualica.com.pem'
> # Client private key
> # It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
> # Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
> :host_private_key: '/var/lib/puppet/ssl/private_keys/dev-qua-za-centos7.dc.qualica.com.pem'
>
> # policy (key is id as in Foreman)
>
> 1:
>   :profile: 'xccdf_org.ssgproject.content_profile_pci-dss'
>   :content_path: '/var/lib/openscap/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e.xml'
>   # Download path
>   # A path to download SCAP content from proxy
>   :download_path: '/compliance/policies/1/content/3e1654fd14a5352d65294db555710bfda5cad1a942209e2d787ea7940035616e'
>
> On Monday, 10 July 2017 17:10:30 UTC+2, Sai Krishna wrote:
>>
>> Hi
>>
>> In my situation I have manually changed the profile details in
>> /etc/foreman_scap_client/config.yaml file that's the reason I have faced
>> errors. I have then created a host group in foreman and assigned required
>> profile and ran puppet agent from CLI in respective node. Make sure you
>> provide correct cert details.
>>
>> let me know how it went.
>>
>> Sai Krishna
>>
>> On Mon, Jul 10, 2017 at 7:05 AM, Phillip Smith <[email protected]> wrote:
>>
>>> Hi
>>>
>>> I am having the exact same issue, have you found a solution yet?
>>>
>>> On Thursday, 15 June 2017 17:29:01 UTC+2, Sai Krishna wrote:
>>>>
>>>> Hello everyone,
>>>>
>>>> I have installed openscap plugin for existing foreman 1.15 and trying
>>>> to get the compliance report for a server, facing few issues during this
>>>> process.
>>>>
>>>> Having trouble assigning policy to host, it's not loading to select the
>>>> existing policy.
>>>>
>>>> So I have tried from command line by running
>>>> /usr/bin/foreman_scap_client 1
>>>>
>>>> below is the config file /etc/foreman_scap_client/config.yaml
>>>>
>>>> # DO NOT EDIT THIS FILE MANUALLY
>>>> # IT IS MANAGED BY PUPPET
>>>>
>>>> # Foreman proxy to which reports should be uploaded
>>>> :server: 'foremanproxy.example.com'
>>>> :port: 8443
>>>>
>>>> ## SSL specific options ##
>>>> # Client CA file.
>>>> # It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
>>>> # Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
>>>> :ca_file: '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
>>>> # Client host certificate.
>>>> # It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
>>>> # Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
>>>> :host_certificate: '/etc/puppetlabs/puppet/ssl/certs/localhost.example.com.pem'
>>>> # Client private key
>>>> # It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
>>>> # Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
>>>> :host_private_key: '/etc/puppetlabs/puppet/ssl/private_keys/localhost.example.com.pem'
>>>> # policy (key is id as in Foreman)
>>>>
>>>> 1:
>>>>   :profile: ''
>>>>   :content_path: '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'
>>>>   # Download path
>>>>   # A path to download SCAP content from proxy
>>>>   :download_path: '/compliance/policies/1/content'
>>>>   :tailoring_path: ''
>>>>   :tailoring_download_path: ''
>>>>
>>>> root localhost [~] # /usr/bin/foreman_scap_client 1
>>>> DEBUG: running: oscap xccdf eval --results-arf /tmp/d20170615-1073-zzt674/results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
>>>> WARNING: Skipping http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml file which is referenced from XCCDF content
>>>> DEBUG: running: /usr/bin/bzip2 /tmp/d20170615-1073-zzt674/results.xml
>>>> Uploading results to https://foreman.example.com:8443/compliance/arf/1
>>>>
>>>> At https://foreman.example.com:8443/compliance/arf/1 it threw a
>>>> message as "No client SSL certificate supplied"
>>>>
>>>> Below are logs from foreman-proxy server
>>>> /var/log/foreman-proxy/proxy.log
>>>>
>>>> https://pastebin.com/uFLAZffP
>>>>
>>>> Can anyone please help me with this.
>>>>
>>>> Thank you
>>>> Sai Krishna
>>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Foreman users" group.
>>> To unsubscribe from this topic, visit https://groups.google.com/d/topic/foreman-users/TKcNVZQ4b4A/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at https://groups.google.com/group/foreman-users.
>>> For more options, visit https://groups.google.com/d/optout.
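
The checks suggested in this thread, as an added shell example that is not part of any poster's message or of Foreman's own code: it reads the three TLS settings from the client config, reports any that are unset or unreadable (with the Puppet 4.x path hint from the reply at the top), and can then attempt a handshake with the proxy. The function names are hypothetical, and the last step assumes OpenSSL is installed and the proxy is reachable.

```bash
# Added example (not from the thread). Source it, then run:
#   check_scap_tls_paths /etc/foreman_scap_client/config.yaml

# Print the value of a top-level ':key:' entry, quotes stripped.
scap_cfg_value() {            # usage: scap_cfg_value <key> <config>
  sed -n "s/^:$1:[[:space:]]*//p" "$2" | head -n 1 | tr -d "'\""
}

# Report unset keys and unreadable files among the three TLS settings.
# Returns the number of problems found (0 = all paths readable).
check_scap_tls_paths() {      # usage: check_scap_tls_paths <config>
  local cfg="$1" key path problems=0
  for key in ca_file host_certificate host_private_key; do
    path=$(scap_cfg_value "$key" "$cfg")
    if [ -z "$path" ]; then
      echo "UNSET   :$key: in $cfg"
      problems=$((problems + 1))
    elif [ ! -r "$path" ]; then
      echo "MISSING :$key: $path"
      problems=$((problems + 1))
      # Puppet 4.x keeps agent certs under /etc/puppetlabs/puppet/ssl.
      case "$path" in
        /var/lib/puppet/ssl/*)
          echo "  hint: try /etc/puppetlabs/puppet/ssl/${path#/var/lib/puppet/ssl/}" ;;
      esac
    fi
  done
  return "$problems"
}

# Handshake with the proxy using the configured CA and client cert/key.
# Fails if the server cert does not chain to ca_file (needs network).
verify_proxy_tls() {          # usage: verify_proxy_tls <config>
  local cfg="$1"
  openssl s_client \
    -connect "$(scap_cfg_value server "$cfg"):$(scap_cfg_value port "$cfg")" \
    -CAfile "$(scap_cfg_value ca_file "$cfg")" \
    -cert "$(scap_cfg_value host_certificate "$cfg")" \
    -key "$(scap_cfg_value host_private_key "$cfg")" \
    -verify_return_error </dev/null >/dev/null 2>&1
}
```

A non-zero status from `verify_proxy_tls` with all paths present points at a CA mismatch between the client's `ca_file` and the certificate the proxy serves, which is the "certificate verify failed" case quoted above.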
