1423504 – [RFE] CSR should not be required when installing Satellite Server or generating Capsule certificate bundle

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1423504 - [RFE] CSR should not be required when installing Satellite Server or generating Capsule certificate bundle

Summary: [RFE] CSR should not be required when installing Satellite Server or generati...

Keywords:
Status:	CLOSED DUPLICATE of bug 1233431
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Certificates
Sub Component:
Version:	6.2.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	Unspecified
Assignee:	Eric Helms
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-02-17 13:18 UTC by Ian Tewksbury
Modified:	2024-02-28 20:32 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-28 07:16:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Ian Tewksbury 2017-02-17 13:18:48 UTC

Description of problem:

Currently when providing custom signed certificates to either the `statellite-installer --scenario satellite` or the `capsule-certs-generate` they both require the CSR to be given either via `--certs-server-cert-req` or `--server-cert-req` respectively.

Even though the commands require a CSR to be given there is no reason to require the CSR and additionally so if you just pass a blank file everything works fine.

Therefor the requirement of specifying the CSR should be removed since it appears not to be used for anything and Satellite users do not always have access to the CSR.

Version-Release number of selected component (if applicable):

6.2.6

How reproducible:

Always

Steps to Reproduce:
1. Call statellite-installer --scenario satellite without --certs-server-cert-req when giving custom signed certificate
2. failure

1. Call statellite-installer --scenario satellite with empty file passed to --certs-server-cert-req when giving custom signed certificate
2. Succeeds

1. Call capsule-certs-generate --scenario satellite without --server-cert-req when giving custom signed certificate
2. failure

1. Call satellite-installer --scenario satellite with empty file passed to --server-cert-req when giving custom signed certificate
2. Succeeds

Actual results:

If giving a custom signed key/cert pair to the satellite-installer or capsule-certs-generate commands without passing the CSR the commands will fail.

If you pass empty CSR files in these cases they will succeed.

Expected results:

Since the CSR appears to do nothing, since an empty file can be given, this should not be a requirment of the satellite-installer or capsule-certs-generate commands when providing custom signed key/cert.

Additional Info:
A customer rain into this because their PKI team generates and signs CSRs based on given parameters and then only gives back the cert/key without the CSR. Since the CSR does not appear to actually be needed by Satellite then it should not be a required parameter.

Comment 2 Ashish Humbe 2017-08-28 03:41:02 UTC

This bugzilla is duplicate of - https://bugzilla.redhat.com/show_bug.cgi?id=1233431

Comment 3 Tomer Brisker 2017-08-28 07:16:44 UTC

Thank you Ashish, closing as duplicate.

*** This bug has been marked as a duplicate of bug 1233431 ***

Note You need to log in before you can comment on or make changes to this bug.