Bug 1252540 - katello-certs-check should check the certificate type
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Installer
Priority: unspecified
Severity: medium
Assigned To: Chris Roberts
QA Contact: Katello QA List
Keywords: Triaged
Reported: 2015-08-11 12:11 EDT by Fred van Zwieten
Modified: 2017-08-01 16:35 EDT (History)

Doc Type: Bug Fix
Last Closed: 2017-08-01 16:35:00 EDT
Type: Bug


External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 16299 | None | None | None | 2016-08-25 12:51 EDT

Description Fred van Zwieten 2015-08-11 12:11:55 EDT
Description of problem:
We were under the impression that the custom certificate needed to be a CA cert. It needs to be a server cert. However, running katello-certs-check did not complain about this. It did give problems later in the process (yum was not able to communicate with Satellite).

Version-Release number of selected component (if applicable):

How reproducible:
Create a custom CA cert, signed by a custom root CA, and feed it to katello-certs-check. It doesn't complain.

Steps to Reproduce:

Actual results:
Validation successful

Expected results:
Validation unsuccessful, wrong certificate type

Additional info:
Comment 3 Ivan Necas 2015-12-11 03:39:43 EST
Yes, the check script is mainly checking the formats of the cert files, but it is not bulletproof and we still need to document the requirements. For example, we can't verify with the script whether the CN matches the needs (to match the FQDN of the server it will be used on).
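The certificate-type check requested in the description, sketched as an added example (not code from katello-certs-check or from anyone in this thread): it classifies the text printed by `openssl x509 -noout -text` and rejects a certificate marked `CA:TRUE`. The function names and the sample excerpts are hypothetical and constructed for illustration; certificates with no extensions at all are treated as end-entity here, which is an assumption.

```sh
#!/bin/sh
# Added example: reject a CA certificate where a server certificate is expected.

# Constructed excerpts of `openssl x509 -noout -text` output (not real certificates).
SAMPLE_CA='            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign'
SAMPLE_SERVER='            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication'
SAMPLE_CLIENT='            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication'

# Classify `openssl x509 -noout -text` output passed as $1.
# Prints one of: ca | no-serverauth | end-entity
cert_type_from_text() {
    # basicConstraints CA:TRUE means the certificate may sign other certificates.
    if printf '%s\n' "$1" | grep -Eq '^[[:space:]]*CA:TRUE'; then
        echo ca
    # An Extended Key Usage that omits serverAuth cannot be used for a TLS server.
    elif printf '%s\n' "$1" | grep -q 'X509v3 Extended Key Usage' &&
         ! printf '%s\n' "$1" | grep -q 'TLS Web Server Authentication'; then
        echo no-serverauth
    else
        echo end-entity
    fi
}

# Hypothetical wrapper: 0 = usable as server cert, 1 = wrong type, 2 = unreadable.
check_server_cert() {
    text=$(openssl x509 -noout -text -in "$1") || return 2
    case $(cert_type_from_text "$text") in
        end-entity) echo "OK: $1 can be used as a server certificate" ;;
        ca) echo "ERROR: $1 is a CA certificate (CA:TRUE); a server certificate is required" >&2
            return 1 ;;
        *)  echo "ERROR: $1 has an Extended Key Usage without TLS Web Server Authentication" >&2
            return 1 ;;
    esac
}

# Run the check only when a certificate path is given on the command line.
if [ "$#" -gt 0 ]; then check_server_cert "$1"; fi
```
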
Comment 5 Bryan Kearney 2016-07-26 11:25:24 EDT
Moving 6.2 bugs out to sat-backlog.
Comment 6 Bryan Kearney 2016-07-26 11:41:51 EDT
Moving 6.2 bugs out to sat-backlog.
Comment 8 Stephen Benjamin 2016-08-25 12:50:56 EDT
Created redmine issue http://projects.theforeman.org/issues/16299 from this bug
Comment 10 Bryan Kearney 2017-08-01 16:35:00 EDT
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.
