Bug 1265533
Summary: | [RFE] katello-certs-check to distinguish between Satellite and Capsule | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Pavel Moravec <pmoravec> |
Component: | Installation | Assignee: | Chris Roberts <chrobert> |
Status: | CLOSED ERRATA | QA Contact: | Jitendra Yejare <jyejare> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 6.1.1 | CC: | bkearney, chrobert, dmoessne, jyejare, stbenjam, sthirugn, swadeley |
Target Milestone: | 6.4.0 | Keywords: | FutureFeature |
Target Release: | Unused | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://projects.theforeman.org/issues/22694 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-10-16 15:25:56 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Pavel Moravec
2015-09-23 07:49:40 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/22694 has been resolved. Verified! @ Satellite 6.4 snap 17 Steps: 1. Run katello-certs-check utility with certificate and key. # katello-certs-check -c server.valid.crt -k server.key -b rootCA.pem Observation: The utility provides the checks and commands separately to run on satellite and capsule. # katello-certs-check -c server.valid.crt -k server.key -b rootCA.pem Checking server certificate's encoding: [OK] Checking expiration of certificate: [OK] Checking expiration of CA bundle: [OK] Checking if server cert has CA:TRUE flag[OK] Validating the certificate subject= /C=IN/ST=Maharashtra/L=Pune/O=redhat/OU=QE/CN=niks/emailAddress=administrator Checking to see if the private key matches the certificate: [OK] Checking ca bundle against the cert file: [OK] Checking Subject Alt Name on certificate[OK] Checking Key Usage extension on certificate for Key Encipherment[OK] Validation succeeded. To install the Katello main server with the custom certificates, run: satellite-installer --scenario satellite\ --certs-server-cert "/root/CustCert/server.valid.crt"\ --certs-server-key "/root/CustCert/server.key"\ --certs-server-ca-cert "/root/CustCert/rootCA.pem" To update the certificates on a currently running Katello installation, run: satellite-installer --scenario satellite\ --certs-server-cert "/root/CustCert/server.valid.crt"\ --certs-server-key "/root/CustCert/server.key"\ --certs-server-ca-cert "/root/CustCert/rootCA.pem"\ --certs-update-server --certs-update-server-ca To use them inside a NEW $FOREMAN_PROXY, run this command: capsule-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\ --certs-tar "~/$FOREMAN_PROXY-certs.tar"\ --server-cert "/root/CustCert/server.valid.crt"\ --server-key "/root/CustCert/server.key"\ --server-ca-cert "/root/CustCert/rootCA.pem"\ To use them inside an EXISTING $FOREMAN_PROXY, run this command INSTEAD: capsule-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\ --certs-tar "~/$FOREMAN_PROXY-certs.tar"\ --server-cert "/root/CustCert/server.valid.crt"\ --server-key "/root/CustCert/server.key"\ --server-ca-cert "/root/CustCert/rootCA.pem"\ --certs-update-server Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2927 |