Bug 2216692

Summary: Update the doc with the correct steps on how to update client certs post updating custom certs on the satellite as katello-ca-consumer package is deprecated
Product: Red Hat Satellite Reporter: Satyajit Das <sadas>
Component: InstallerAssignee: Malhar Jivrajani <mjivraja>
Status: MODIFIED --- QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.13.0CC: ehelms, mjivraja, saydas
Target Milestone: UnspecifiedKeywords: Documentation, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Satyajit Das 2023-06-22 09:14:20 UTC 
Document URL: 

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html-single/installing_satellite_server_in_a_connected_network_environment/index#deploying-a-custom-ssl-certificate-to-hosts_satellite

Section Number and Name: 

Section 4.13.3, “Deploying a Custom SSL Certificate to Hosts”

Describe the issue: 

Update the doc with the correct steps on how to update client certs post updating custom certs on the satellite as the katello-ca-consumer package is deprecated[1]

[1] 1.6. Deprecated Functionality
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html-single/release_notes/index#ref_deprecated-functionality_assembly_introducing-red-hat-satellite


Suggestions for improvement: 

Pls check with the Engineering team and update the doc with the correct steps on how to update client certs post updating custom certs on the satellite.

Additional information:
Comment 1 Marie Hornickova 2023-06-22 16:15:16 UTC 
Hello,
Many thanks for bringing this to our awareness.

Updates about progress on the implementation of the fix will be shared in this ticket.

Thank you!
Comment 3 Sayan Das 2023-06-26 14:09:10 UTC 
Product BZs are already raised by me earlier around the same topic:

2124052 – As usage of katello-ca-consumer rpm has been deprecated, the capsule-certs-generate command should suggest alternate approach during SSL cert installation\renewal
https://bugzilla.redhat.com/show_bug.cgi?id=2124052

2185634 – [RFE] Alternate method of katello-ca-cosumer to populate SSL certs on client systems
https://bugzilla.redhat.com/show_bug.cgi?id=2185634


Since we don't have any other options present yet, Can we do this on the client systems, instead of installing katello-ca-consumer rpm or it has some downsides ?


# curl http://<satellite-or-capsule-fqdn>/pub/katello-rhsm-consumer | bash
Comment 4 Malhar Jivrajani 2023-07-11 14:25:56 UTC 
Link to the PR: https://github.com/theforeman/foreman-documentation/pull/2287