Bug 1432990

Summary: registration failure message due an empty/corrupt cert in /etc/rhsm/ca folder is not appropriate
Product: Red Hat Enterprise Linux 7 Reporter: Shwetha Kallesh <skallesh>
Component: subscription-managerAssignee: William Poteat <wpoteat>
Status: CLOSED ERRATA QA Contact: John Sefler <jsefler>
Severity: medium Docs Contact:
Priority: high    
Version: 7.3CC: bcourt, csnyder, khowell, redakkan, skallesh, wpoteat
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 19:21:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Shwetha Kallesh 2017-03-16 14:07:52 UTC 
Description of problem:
registration failure message due an empty/corrupt cert in /etc/rhsm/ca folder is not appropriate

Version-Release number of selected component (if applicable):
[root@dhcp35-101 ~]# subscription-manager version
server type: This system is currently not registered.
subscription management server: Unknown
subscription management rules: Unknown
subscription-manager: 1.19.1-1.git.830.8f73a6c.el7
python-rhsm: 1.19.1-1.git.5745.8f73a6c.el7


How reproducible:


Steps to Reproduce:
Create an empty cert:
[root@dhcp35-101 ~]# touch /etc/rhsm/ca/myemptycert.pem

Now try to register:
[root@dhcp35-101 ~]# subscription-manager register --force
Registering to: Shwetha-Candlepin.usersys.redhat.com:8443/candlepin
Username: admin
Password: 
Unable to verify server's identity: unknown error (_ssl.c:2747)


Actual results:


Expected results:


Additional info:
Comment 2 Barnaby Court 2017-03-16 14:52:29 UTC 
Shwetha, can you remind us what the old behavior was and how this has changed?
Comment 3 Shwetha Kallesh 2017-03-17 09:28:49 UTC 
Barnaby,
            
       Previously displayed message was "Bad CA certificate: <file path>"
Comment 5 Shwetha Kallesh 2017-04-20 13:57:35 UTC 
[root@cisco-b200m1-03 ~]# touch /etc/rhsm/ca/myemptycert.pem
[root@cisco-b200m1-03 ~]# subscription-manager register --force
Bad CA certificate: /etc/rhsm/ca/myemptycert.pem


[root@cisco-b200m1-03 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 0.9.51.21-1
subscription management rules: 5.15.1
subscription-manager: 1.19.8-1.el7
python-rhsm: 1.19.5-1.el7
Comment 6 errata-xmlrpc 2017-08-01 19:21:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2083