Bug 1315261 - Going from signed ca/server cert back to self signed cert causes an issue with ssl and foreman (ERF12-2749)
Going from signed ca/server cert back to self signed cert causes an issue wit...
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Installer (Show other bugs)
x86_64 Linux
high Severity high (vote)
: GA
: --
Assigned To: Stephen Benjamin
Jitendra Yejare
: PrioBumpGSS, ReleaseNotes, Triaged
Depends On: 1171841
Blocks: sat61-release-notes
  Show dependency treegraph
Reported: 2016-03-07 06:50 EST by Brad Buckingham
Modified: 2018-02-21 11:54 EST (History)
19 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1171841
Last Closed: 2018-02-21 11:54:37 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 18322 None None None 2017-01-31 09:32 EST
Red Hat Knowledge Base (Solution) 1311844 None None None 2016-03-07 06:50 EST

  None (edit)
Comment 3 Bryan Kearney 2016-06-08 11:03:56 EDT
I am moving this bug to sat-future. Several things are being done to resolve the certs issues.

First, https://access.redhat.com/solutions/2263671 has been updated by GSS and Engineering. This now contains the correct steps resolve the certs issues which are found.

Second, https://bugzilla.redhat.com/show_bug.cgi?id=1218251 is going to be fixed as part of 6.2. This is one of the main causes of putting the machines into the incorrect state.

Third, this bug will be tracked to 
to bake into the installer a way to reset the certificates fully.
Comment 4 Stephen Benjamin 2016-07-21 14:25:09 EDT
Fixing the title
Comment 5 Stephen Benjamin 2017-01-31 09:32:34 EST
Created redmine issue http://projects.theforeman.org/issues/18322 from this bug
Comment 6 pm-sat@redhat.com 2017-02-23 12:01:32 EST
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/18322 has been resolved.
Comment 9 Jitendra Yejare 2017-12-19 05:50:32 EST
As per the updated steps from Toledo on IRC:
<Toledo> but yeah to verify the bug do the following
<Toledo> install with custom certs and make sure it looks good
<Toledo> then run
<Toledo> satellite-installer --scenario satellite --certs-reset -v
<Toledo> then see if they go back to default


So, I retested this bug and :

1. I  don't encounter such exception mentioned in the description or my previous comment 8.
2. Satellite is accessible from browser, no certs issues
3. Certs Reset command is successful.
4. Certs settings under UI Settings page are correct:
ssl_ca_file: /etc/foreman/proxy_ca.pem
ssl_certificate:  /etc/foreman/client_cert.pem
ssl_priv_key:  /etc/foreman/client_key.pem

Changing the state to Verified !
Comment 10 pm-sat@redhat.com 2018-02-21 11:54:37 EST
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.