1331517 – Following section 2.5 results in broken CV publish

Bug 1331517 - Following section 2.5 results in broken CV publish

Summary: Following section 2.5 results in broken CV publish

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Docs Install Guide
Sub Component:
Version:	6.1.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium vote
Target Milestone:	Unspecified
Assignee:	satellite-doc-list
QA Contact:	satellite-doc-list
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-04-28 17:27 UTC by John Call
Modified:	2017-11-16 05:16 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:	Build Name: 22922, Installation Guide-6.0-1 Build Date: 07-10-2014 15:39:35 Topic ID: 41339-708813 [Latest]
Last Closed:	2017-11-16 05:16:45 UTC
Target Upstream Version:

Attachments	(Terms of Use)
output from failed katello-installer with --cert options (65.61 KB, application/x-gzip) 2016-04-28 17:27 UTC, John Call	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description John Call 2016-04-28 17:27:48 UTC

Created attachment 1152004 [details]
output from failed katello-installer with --cert options

Title: Configuring Red Hat Satellite with a Custom Server Certificate

Describe the issue:
I followed the instructions here in order to get Compute Resource consoles (NoVNC) to work.  The default certificate uses SHA1, which no longer works with Firefox.

There appear to be two issues, the first issue is that I had to run the 'katello-installer' command twice (the first execution failed even though I specified --certs-update-server and --certs-update-server-ca)

The second issue is that I can no longer publish Content Views


Additional information:

I executed this, twice in order to succeed:
# time katello-installer   --certs-server-cert /root/sat_cert/cert.pem   --certs-server-cert-req /root/sat_cert/request.pem   --certs-server-key /root/sat_cert/privkey.key   --certs-server-ca-cert /root/sat_cert/ca_cert.pem   --certs-update-server   --certs-update-server-ca


Error message from foreman_tasks to publish CV:


ERF12-4115 [ProxyAPI::ProxyException]: Klassen für KT_Home_Lab_Library_Build_RHEL7_3  konnten nicht von Puppet geladen werden ([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verif...) für Proxy https://sat6-demo.home.lab:9090/puppet

Comment 1 Andrew Dahms 2017-11-16 00:40:01 UTC

Hi John,

Thank you for raising this bug, and my apologies for the long delay in providing you with some input.

Since this bug was raised, we have done a lot of work on that section in general to test and ensure all the commands are up to date.

Do you know if this issue still persists, or whether the current instructions seem any clearer to you?

If they do not, are there any specific steps that seem confusing to you? 

Let me know if you have any feedback, and we will take a look.

Kind regards,

Andrew

Comment 4 Andrew Dahms 2017-11-16 05:16:45 UTC

Closing this bug for now given that a significant deal of work has taken place on the certificates content since this bug was initially raised.

The documentation team will also keep an eye on certificate-related requests in general to see if any relate to the issue here.

Note You need to log in before you can comment on or make changes to this bug.