Bug 1770394
Summary: | katello-certs-check output print foreman-installer/ katello/foreman-proxy-certs-generate on sat 6.7 | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Nikhil Kathole <nkathole> |
Component: | Installation | Assignee: | Chris Roberts <chrobert> |
Status: | CLOSED ERRATA | QA Contact: | Devendra Singh <desingh> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.7.0 | CC: | chrobert, pcreech |
Target Milestone: | 6.7.0 | Keywords: | Regression, Triaged |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | foreman-installer-1.24.1.4-1 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-14 13:26:24 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Nikhil Kathole
2019-11-08 21:38:50 UTC
FailedQA Version tested: Satellite 6.7 snap 9 # rpm -qa | grep installer foreman-installer-1.24.1.3-1.el7sat.noarch foreman-installer-katello-1.24.1.3-1.el7sat.noarch satellite-installer-6.7.0.6-1.beta.el7sat.noarch Causes regression : Even if CN != hostname, command for satellite scenario is printed [root@sgi-uv20-01 ~]# katello-certs-check -c /root/ownca/test.example.com/test.example.com.crt -k /root/ownca/test.example.com/test.example.com.key -b /root/ownca/cacert.crt Checking server certificate encoding: [OK] Checking expiration of certificate: [OK] Checking expiration of CA bundle: [OK] Checking if server certificate has CA:TRUE flag [OK] Checking for private key passphrase: [OK] Checking to see if the private key matches the certificate: [OK] Checking CA bundle against the certificate file: [OK] Checking Subject Alt Name on certificate [OK] Checking Key Usage extension on certificate for Key Encipherment [OK] Validation succeeded To install the Red Hat Satellite Server with the custom certificates, run: satellite-installer --scenario satellite \ --certs-server-cert "/root/ownca/test.example.com/test.example.com.crt" \ --certs-server-key "/root/ownca/test.example.com/test.example.com.key" \ --certs-server-ca-cert "/root/ownca/cacert.crt" To update the certificates on a currently running Red Hat Satellite installation, run: satellite-installer --scenario satellite \ --certs-server-cert "/root/ownca/test.example.com/test.example.com.crt" \ --certs-server-key "/root/ownca/test.example.com/test.example.com.key" \ --certs-server-ca-cert "/root/ownca/cacert.crt" \ --certs-update-server --certs-update-server-ca Version tested: Satellite 6.7 snap 10 # rpm -qa | grep installer foreman-installer-katello-1.24.1.5-1.el7sat.noarch satellite-installer-6.7.0.6-1.beta.el7sat.noarch foreman-installer-1.24.1.5-1.el7sat.noarch When CN==hostname, Command of Satellite pinted Checking server certificate encoding: [OK] Checking expiration of certificate: [OK] Checking expiration of CA bundle: [OK] Checking if server certificate has CA:TRUE flag [OK] Checking for private key passphrase: [OK] Checking to see if the private key matches the certificate: [OK] Checking CA bundle against the certificate file: [OK] Checking Subject Alt Name on certificate [OK] Checking Key Usage extension on certificate for Key Encipherment [OK] Validation succeeded To install the Red Hat Satellite Server with the custom certificates, run: satellite-installer --scenario satellite \ --certs-server-cert "/root/server.valid.crt" \ --certs-server-key "/root/server.key" \ --certs-server-ca-cert "/root/rootCA.pem" To update the certificates on a currently running Red Hat Satellite installation, run: satellite-installer --scenario satellite \ --certs-server-cert "/root/server.valid.crt" \ --certs-server-key "/root/server.key" \ --certs-server-ca-cert "/root/rootCA.pem" \ --certs-update-server --certs-update-server-ca When CN!=hostname, Command of Capsule printed Checking server certificate encoding: [OK] Checking expiration of certificate: [OK] Checking expiration of CA bundle: [OK] Checking if server certificate has CA:TRUE flag [OK] Checking for private key passphrase: [OK] Checking to see if the private key matches the certificate: [OK] Checking CA bundle against the certificate file: [OK] Checking Subject Alt Name on certificate [OK] Checking Key Usage extension on certificate for Key Encipherment [OK] Validation succeeded To use them inside a NEW $CAPSULE, run this command: capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \ --certs-tar "~/$CAPSULE-certs.tar" \ --server-cert "/root/server.valid.crt" \ --server-key "/root/server.key" \ --server-ca-cert "/root/rootCA.pem" \ To use them inside an EXISTING $CAPSULE, run this command INSTEAD: capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \ --certs-tar "~/$CAPSULE-certs.tar" \ --server-cert "/root/server.valid.crt" \ --server-key "/root/server.key" \ --server-ca-cert "/root/rootCA.pem" \ --certs-update-server Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1454 |