Description of problem: katello-certs-check output contains references to foreman-installer, e.g.: To install the Katello main server with the custom certificates, run: foreman-installer --scenario katello\\ --certs-server-cert "$CERT_FILE"\\ --certs-server-cert-req "$REQ_FILE"\\ --certs-server-key "$KEY_FILE"\\ --certs-server-ca-cert "$CA_BUNDLE_FILE" Version-Release number of selected component (if applicable): Snap 14 (satellite-6.2.0-14.1.el7sat.noarch) How reproducible: Always Steps to Reproduce: 1. run katello-certs-check e.g. katello-certs-check -c /var/lib/puppet/ssl/certs/sat-snap-rhel7.example.com.pem -k /var/lib/puppet/ssl/private_keys/sat-snap-rhel7.example.com.pem -b /var/lib/puppet/ssl/ca/ca_crt.pem 2. 3. Actual results: Validation succeeded. To install the Katello main server with the custom certificates, run: katello-installer --certs-server-cert "/var/lib/puppet/ssl/certs/sat-snap-rhel7.example.com.pem"\ --certs-server-cert-req ""\ --certs-server-key "/var/lib/puppet/ssl/private_keys/sat-snap-rhel7.example.com.pem"\ --certs-server-ca-cert "/var/lib/puppet/ssl/ca/ca_crt.pem" To update the certificates on a currently running Katello installation, run: katello-installer --certs-server-cert "/var/lib/puppet/ssl/certs/sat-snap-rhel7.example.com.pem"\ --certs-server-cert-req ""\ --certs-server-key "/var/lib/puppet/ssl/private_keys/sat-snap-rhel7.example.com.pem"\ --certs-server-ca-cert "/var/lib/puppet/ssl/ca/ca_crt.pem"\ --certs-update-server --certs-update-server-ca To use them inside a $CAPSULE, run this command INSTEAD: capsule-certs-generate --capsule-fqdn ""\ --certs-tar "~/-certs.tar"\ --server-cert "/var/lib/puppet/ssl/certs/sat-snap-rhel7.example.com.pem"\ --server-cert-req ""\ --server-key "/var/lib/puppet/ssl/private_keys/sat-snap-rhel7.example.com.pem"\ --server-ca-cert "/var/lib/puppet/ssl/ca/ca_crt.pem"\ --certs-update-server Expected results: references to Katello and foreman-installer should be changed to satellite Additional info: the script itself could be renamed to satellite-certs-check
The issue was addressed in https://gitlab.sat.lab.tlv.redhat.com/satellite6/katello-installer/merge_requests/59
Moving to POST as the downstream MR was ACKed
*** Bug 1352961 has been marked as a duplicate of this bug. ***
Tested on snap19 and showing satellite scenario now [root@qatest ~]# katello-certs-check -b CA_crt.pem -k cert_key.pem -r cert_csr.pem -c cert_crt.pem Validating the certificate subject= /C=US/ST=North Carolina/L=Raleigh/O=Red Hat/CN=capsule.toledo.satellite.lab.eng.rdu2.redhat.com Check private key matches the certificate: [OK] Check ca bundle verifies the cert file: [OK] Validation succeeded. To install the Satellite main server with the custom certificates, run: satellite-installer --scenario satellite\ --certs-server-cert "cert_crt.pem"\ --certs-server-cert-req "cert_csr.pem"\ --certs-server-key "cert_key.pem"\ --certs-server-ca-cert "CA_crt.pem" To update the certificates on a currently running Satellite installation, run: satellite-installer --scenario satellite\ --certs-server-cert "cert_crt.pem"\ --certs-server-cert-req "cert_csr.pem"\ --certs-server-key "cert_key.pem"\ --certs-server-ca-cert "CA_crt.pem"\ --certs-update-server --certs-update-server-ca To use them inside a $CAPSULE, run this command INSTEAD: capsule-certs-generate --capsule-fqdn ""\ --certs-tar "~/-certs.tar"\ --server-cert "cert_crt.pem"\ --server-cert-req "cert_csr.pem"\ --server-key "cert_key.pem"\ --server-ca-cert "CA_crt.pem"\ --certs-update-server Moving to verfied
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1501