Bug 798454

Summary: SSLCACertificateFile not set properly in /etc/httpd/conf.d/pulp.conf
Product: Red Hat Satellite Reporter: Justin Sherrill <jsherril>
Component: Subscription ManagementAssignee: Lukas Zapletal <lzap>
Status: CLOSED CURRENTRELEASE QA Contact: Og Maciel <omaciel>
Severity: high Docs Contact:
Priority: high    
Version: 6.0.0CC: cpelland, jlaska, mmccune, omaciel
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-22 18:29:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Justin Sherrill 2012-02-28 21:42:26 UTC 
Description of problem:

As part of the install/configuration, SSLCACertificateFile is not set properly in /etc/httpd/conf.d/pulp.conf.  This should be set to the same thing as in /etc/pulp/pulp.conf (/etc/candlepin/certs/candlepin-ca.crt)

The result of all this is that the uber cert does not work for debugging withou this change.  The browser is never prompted to use the ubercert.

Came about from: https://bugzilla.redhat.com/show_bug.cgi?id=798418
Comment 2 Lukas Zapletal 2012-03-02 11:14:50 UTC 
Okay.
Comment 3 Lukas Zapletal 2012-03-02 11:42:44 UTC 
Pushing upstream, waiting for PM ack.

b6fbd05 798454 - SSLCACertificateFile not set properly
Comment 4 Lukas Zapletal 2012-03-02 16:23:21 UTC 
Ther is also one in the ssl.conf but I believe this is not used.
Comment 6 Og Maciel 2012-03-06 19:13:03 UTC 
Lukáš, this is what I see right now:

[root@qetello03 ~]# grep "SSLCACertificateFile" /etc/httpd/conf.d/pulp.conf
SSLCACertificateFile /etc/pki/pulp/ca.crt
[root@qetello03 ~]# vim /etc/pulp/pulp.conf
[security]
cacert:  /etc/candlepin/certs/candlepin-ca.crt
cakey:   /etc/candlepin/certs/candlepin-ca.key
user_cert_expiration: 7
consumer_cert_expiration: 3650

fwiw here's the version for katello-configure: katello-configure-0.1.101-1.el6.noarch
Comment 8 Og Maciel 2012-03-09 15:49:03 UTC 
Verified:
* candlepin-0.5.24-1.el6.noarch
* candlepin-tomcat6-0.5.24-1.el6.noarch
* katello-0.1.303-1.el6.noarch
* katello-all-0.1.303-1.el6.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.0.4-1.el6.noarch
* katello-cli-0.1.102-1.el6.noarch
* katello-cli-common-0.1.102-1.el6.noarch
* katello-common-0.1.303-1.el6.noarch
* katello-configure-0.1.104-1.el6.noarch
* katello-glue-candlepin-0.1.303-1.el6.noarch
* katello-glue-foreman-0.1.303-1.el6.noarch
* katello-glue-pulp-0.1.303-1.el6.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-0.1.8-1.el6.noarch
* pulp-1.0.0-4.el6.noarch
* pulp-common-1.0.0-4.el6.noarch
* pulp-selinux-server-1.0.0-4.el6.noarch