Bug 2226794

Summary: Satellite documentation does not indicate the required fields for custom certificates
Product: Red Hat Satellite Reporter: Ganesh Payelkar <gpayelka>
Component: CertificatesAssignee: Malhar Jivrajani <mjivraja>
Status: ASSIGNED --- QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.14.0CC: agadhave, ehelms, mjivraja
Target Milestone: 6.14.0Keywords: Documentation, Triaged
Target Release: UnusedFlags: mdolezel: needinfo? (mjivraja)
mdolezel: needinfo? (agadhave)
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Eric Helms 2023-07-27 13:52:48 UTC 
I think we should add to our docs some of the known requirements for custom certificates to help guide customers. These requirements are captured in our katello-certs-check tool:

 * Certificates should be PEM encoded
 * Certificate should not also be CA certificate (No CA:TRUE flag)
 * The private key cannot have a passphrase
 * Certificate should include a Subject Alt Name (SAN) entry that matches the Common Name (CN)
 * Certificate should allow for Key Encipherment (via Key Usage extension)
 * Certificate cannot have a shortname as the Common Name (CN)