Bug 1315261 - Going from signed ca/server cert back to self signed cert causes an issue with ssl and foreman (ERF12-2749)
Summary: Going from signed ca/server cert back to self signed cert causes an issue wit...
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Installer
Version: 6.0.6
Hardware: x86_64
OS: Linux
high vote
Target Milestone: Unspecified
Assignee: Stephen Benjamin
QA Contact: Jitendra Yejare
Depends On: 1171841
Blocks: sat61-release-notes
TreeView+ depends on / blocked
Reported: 2016-03-07 11:50 UTC by Brad Buckingham
Modified: 2019-09-12 09:58 UTC (History)
19 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1171841
Last Closed: 2018-02-21 16:54:37 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Foreman Issue Tracker 18322 None None None 2017-01-31 14:32:40 UTC
Red Hat Knowledge Base (Solution) 1311844 None None None 2016-03-07 11:50:46 UTC

Comment 3 Bryan Kearney 2016-06-08 15:03:56 UTC
I am moving this bug to sat-future. Several things are being done to resolve the certs issues.

First, https://access.redhat.com/solutions/2263671 has been updated by GSS and Engineering. This now contains the correct steps resolve the certs issues which are found.

Second, https://bugzilla.redhat.com/show_bug.cgi?id=1218251 is going to be fixed as part of 6.2. This is one of the main causes of putting the machines into the incorrect state.

Third, this bug will be tracked to 
to bake into the installer a way to reset the certificates fully.

Comment 4 Stephen Benjamin 2016-07-21 18:25:09 UTC
Fixing the title

Comment 5 Stephen Benjamin 2017-01-31 14:32:34 UTC
Created redmine issue http://projects.theforeman.org/issues/18322 from this bug

Comment 6 pm-sat@redhat.com 2017-02-23 17:01:32 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/18322 has been resolved.

Comment 9 Jitendra Yejare 2017-12-19 10:50:32 UTC
As per the updated steps from Toledo on IRC:
<Toledo> but yeah to verify the bug do the following
<Toledo> install with custom certs and make sure it looks good
<Toledo> then run
<Toledo> satellite-installer --scenario satellite --certs-reset -v
<Toledo> then see if they go back to default


So, I retested this bug and :

1. I  don't encounter such exception mentioned in the description or my previous comment 8.
2. Satellite is accessible from browser, no certs issues
3. Certs Reset command is successful.
4. Certs settings under UI Settings page are correct:
ssl_ca_file: /etc/foreman/proxy_ca.pem
ssl_certificate:  /etc/foreman/client_cert.pem
ssl_priv_key:  /etc/foreman/client_key.pem

Changing the state to Verified !

Comment 10 pm-sat@redhat.com 2018-02-21 16:54:37 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.