Bug 1166191

Summary: document how to set up Satellite 6/Capsule with custom certificates
Product: Red Hat Satellite Reporter: Chris Roberts <chrobert>
Component: Docs Install GuideAssignee: Hayley Hudgeons <hhudgeon>
Status: CLOSED CURRENTRELEASE QA Contact: Adam Strong <adstrong>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.0.5CC: bkearney, inecas, pmoravec, pondrejk, xdmoon
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-10 14:50:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1115190    

Description Chris Roberts 2014-11-20 14:42:48 UTC 
Description of problem:
when using a 3 tier ca and server katello cant not install correctly and errors out with 

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1. install server, update, install katello
2. katello-installer and pass the issuing ca and server cert
3. hostname matches cert
4. dns works

Actual results:
server errors out with foreman-proxy trying to verify the cert

Expected results:


Additional info:
Comment 1 RHEL Program Management 2014-11-20 14:53:54 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 10 Ivan Necas 2014-11-21 09:10:08 UTC 
The resolution is to include all the certs in the chain into a bundle and use that as the ca certificate passed to katello-installer:

   cat 1st_ca.cer 2nd_ca.cer 3th_ca.cer > ca.bundle
   katello-installer --certs-server-ca-cert ~/ca.bundle --certs-update-server-ca

From my testing, all the services work properly when using the bundle as the ca cert
Comment 11 Bryan Kearney 2014-11-21 14:52:28 UTC 
Based on #c10 I am changing this to an install guide documentation. There is a kcs document on this as well.

https://access.redhat.com/solutions/1275053
Comment 16 Deon Ballard 2015-10-09 01:37:26 UTC 
*** Bug 1248401 has been marked as a duplicate of this bug. ***