Bug 2226794

Summary: Satellite documentation does not indicate the required fields for custom certificates
Product: Red Hat Satellite Reporter: Ganesh Payelkar <gpayelka>
Component: CertificatesAssignee: Malhar Jivrajani <mjivraja>
Status: CLOSED NOTABUG QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.14.0CC: agadhave, ehelms, mjivraja, pdwyer, s.heijmans, tharring
Target Milestone: 6.14.0Keywords: Documentation, Reopened, Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-11-21 10:56:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Eric Helms 2023-07-27 13:52:48 UTC 
I think we should add to our docs some of the known requirements for custom certificates to help guide customers. These requirements are captured in our katello-certs-check tool:

 * Certificates should be PEM encoded
 * Certificate should not also be CA certificate (No CA:TRUE flag)
 * The private key cannot have a passphrase
 * Certificate should include a Subject Alt Name (SAN) entry that matches the Common Name (CN)
 * Certificate should allow for Key Encipherment (via Key Usage extension)
 * Certificate cannot have a shortname as the Common Name (CN)
Comment 5 Eric Helms 2023-09-07 13:16:25 UTC 
*** Bug 2236329 has been marked as a duplicate of this bug. ***
Comment 7 Malhar Jivrajani 2023-10-18 14:21:40 UTC 
Link to the updated and published documents: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration#Configuring_Server_with_a_Custom_SSL_Certificate_satellite

Also applies to all the versions of Satellite starting from 6.11.
Comment 8 Malhar Jivrajani 2023-10-31 08:58:35 UTC 
*** Bug 2244880 has been marked as a duplicate of this bug. ***
Comment 10 Malhar Jivrajani 2023-11-21 10:56:58 UTC 
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration#creating-a-custom-ssl-certificate_satellite
6.13 Satellite

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/installing_capsule_server/installing-capsule-server#configuring-capsule-custom-server-certificate_capsule
6.13 Capsule

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html-single/inst[…]ng_satellite_server_in_a_connected_network_environment/index
6.12 - Satellite

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html-single/installing_capsule_server/index#configuring-caps[…]tificate_capsule
6.12 - Capsule

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/installing_capsule_server/index#configuring-caps[…]tificate_capsule
6.11 - Capsule


Satellite = Connected and Disconnected both.