I'm running through an install of Satellite 6.0.4 with IdM on RHEL 7.1 to set up external auth. All of that is working fine, but I also want to use a certificate from IdM for the web UI by passing it in at install time. According to the documentation, I need to use the following options: --certs-server-cert ~/path/to/server.crt\ --certs-server-cert-req ~/path/to/server.crt.req\ --certs-server-key ~/path/to/server.crt.key\ --certs-server-ca-cert ~/path/to/cacert.crt The certificate request should not be needed, as a certificate has already been issued. If we already have an issued certificate, we should just need the key and server certificate along with the CA certificate for trust purposes. If I use 'ipa-getcert' to request and retrieve a certificate from IdM, I only get back the key and cert: ipa-getcert request -w -k ./satellite.key -f ./satellite.crt There is no provision to output the raw CSR from any of the certmonger related commands. I can dig it out of certmonger's request tracking file in /var/lib/certmonger/requests, but that's not very friendly. I have been able to pass a zero-byte file as the --certs-server-cert-req option as a workaround, and https is set up properly using the passed in cert/key. I think the request option should be deprecated, or at least made optional if there is really some purpose to giving the request to Satellite.
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Moving 6.2 bugs out to sat-backlog.
I believe we need the CSR, as we also sign the certificate with the internal Satellite CA.
Created redmine issue http://projects.theforeman.org/issues/16911 from this bug
*** Bug 1423504 has been marked as a duplicate of this bug. ***
Upstream bug assigned to ekohlvan
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/16911 has been resolved.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:1222