Description of problem: We were under impression that the custom certificate needed to be a ca cert. It needs to be a server cert. However running katello-certs-check did not complain about this. It did give problems later in the process (yum was not able to communicate with satellite) Version-Release number of selected component (if applicable): How reproducible: Create a custom ca cert, signed by a custom root ca and feed it to the katello-certs-check. It doesn't complain. Steps to Reproduce: 1. 2. 3. Actual results: Validation successful Expected results: Validation unsuccessful, wrong certificate type Additional info:
Yes, the check script is mainly checking the formats of the cert files, but it not bulletproof and we still need to document the requirements. For example, we can't verify with the script, if the CN matches the needs (to match the fqdn of the server it will be used on),
Moving 6.2 bugs out to sat-backlog.
Created redmine issue http://projects.theforeman.org/issues/16299 from this bug
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.