Bug 1554340

Summary: katello-certs-check not checking for cert integrity/sanity
Product: Red Hat Satellite Reporter: David Eddleman <david.eddleman>
Component: CertificatesAssignee: Chris Roberts <chrobert>
Status: CLOSED DUPLICATE QA Contact: Katello QA List <katello-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.2.14CC: chrobert, croberts, ehelms
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-04 17:33:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Eddleman 2018-03-12 13:41:16 UTC 
Description of problem:
When using katello-certs-check to verify a correct certificate, key, and CA, a success message is given if there is no EOL/EOM in the end of the certificate file. Installing this cert will succeed, and the web console for Satellite will show a valid, passing cert, but the subsequently-generated katello-ca-consumer certificate RPM will have a script error that causes clients to not be able to register and existing clients will get SSL errors.

Version-Release number of selected component (if applicable):
6.2.14 on RHEL 7.4

How reproducible:
Install certificate with no EOL/EOM using satellite-installer --scenario satellite -c <cert> -k <key> -r <csr> -b <ca> --certs-update-server --certs-update-server-ca --certs-update-all 
(From https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html-single/installation_guide/index#configuring_satellite_server_with_custom_server_certificate)

Steps to Reproduce:
1. Generate CSR/key
2. Receive cert with no EOL/EOM (or modify cert to not have one)
3. Install cert with above command.

Actual results:
Cert passes validation checks with katello-certs-check and satellite-installer, and shows as valid in web console, but has script errors in the katello-ca-consumer RPM.

Expected results:
As above, but no errors in the RPM.

Additional info:
Script that generates RPM should have sanity checking for this. See RHN report: 02049269
Comment 4 Chris Roberts 2018-04-04 17:33:27 UTC 

*** This bug has been marked as a duplicate of bug 1488213 ***