Bug 2234487

Summary: [DDF] To not use /tmp or /var/tmp to store SSL certificates or tar bundles in Satellite or capsule
Product: Red Hat Satellite Reporter: Direct Docs Feedback <ddf-bot>
Component: CertificatesAssignee: Malhar Jivrajani <mjivraja>
Status: CLOSED CURRENTRELEASE QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.13.0CC: agadhave, ehelms, jbhatia, mjivraja, sadas, saydas
Target Milestone: UnspecifiedKeywords: Documentation, Triaged
Target Release: Unused   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-10-12 12:32:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Direct Docs Feedback 2023-08-24 15:40:23 UTC 
To not use /tmp or /var/tmp to store SSL certificates or tar bundles in Satellite or capsule

Despite we provide example of where SSL certicates can be placed , Many users would obtain the certifiates from extrenal proviers, copies them in /tmp or /var/tmp and applies them on satellite\capsule. 

But once OS removes the certs from /tmp or /var/tmp after defined period of time, The installer execution in future are bound to fails whether it's for enabling some feature or upgrade. 

Reported by: rhn-support-saydas

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration#annotations:2826aada-7ec0-47bd-b55f-d8e843fbe82d
Comment 1 Sayan Das 2023-08-24 15:56:15 UTC 
For both satellite and capsule:

I believe we should add some prerequisites i.e. 

* /root/ssl-build should never be touched without consulting with RedHat support.

* /tmp or /var/tmp should never be used to store certificates or certificate tar bundles. Keep the certificates stored in a permanent location on the concerned server.

* Once applied\installed, The filename of the certificate or certificate tar bundle should not be changed\renamed.
Comment 4 Marie Hornickova 2023-08-25 09:56:01 UTC 
Hello Sayan,
Many thanks for reporting this suggestion for documentation improvement. This is very helpful.
After the ticket is team-triaged, the docs team representatives will follow up on the updates regarding the implementation and share info in this ticket.
Thank you!
Comment 6 Malhar Jivrajani 2023-10-12 12:32:27 UTC 
Link to the updated and published documents: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration#Deploying_a_Custom_SSL_Certificate_to_Server_satellite