Bug 1426416 - katello-certs-check needs to provide differentiating data for capsule-certs-generate to avoid error
Summary: katello-certs-check needs to provide differentiating data for capsule-certs-g...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Infrastructure
Version: 6.2.7
Hardware: All
OS: Linux
high
medium
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Nikhil Kathole
URL: http://projects.theforeman.org/issues...
Whiteboard:
Depends On: 1417734
Blocks: 1417399
TreeView+ depends on / blocked
 
Reported: 2017-02-23 20:47 UTC by Satellite Program
Modified: 2020-03-11 15:50 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1417734
Environment:
Last Closed: 2018-02-21 17:00:47 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 18310 0 Normal Closed katello-certs-check needs to provide differentiating data for capsule-certs-generate to avoid error 2020-09-09 15:48:52 UTC
Red Hat Bugzilla 1417399 0 high CLOSED Incorrect section/command for generating capsule certs-tar 2021-02-22 00:41:40 UTC

Comment 2 Nikhil Kathole 2017-11-20 10:21:50 UTC 
VERIFIED

Version Tested:
Satellite-6.3 Snap 25

steps:
1. Generated certs
2. Run Katello-certs-check with certs

# katello-certs-check -c server.valid.crt -k server.key -r server.csr  -b rootCA.pem
Checking expiration of certificate: [OK]
Checking expiration of CA bundle: [OK]
Validating the certificate subject= /C=XX/L=Default City/O=Default Company Ltd
Checking to see if the private key matches the certificate: [OK]
Checking ca bundle against the cert file: [OK]
Checking for non ascii characters[OK]

Validation succeeded.

To install the Katello main server with the custom certificates, run:

    foreman-installer --scenario katello\
                      --certs-server-cert "/root/certs/server.valid.crt"\
                      --certs-server-cert-req "/root/certs/server.csr"\
                      --certs-server-key "/root/certs/server.key"\
                      --certs-server-ca-cert "/root/certs/rootCA.pem"

To update the certificates on a currently running Katello installation, run:

    foreman-installer --scenario katello\
                      --certs-server-cert "/root/certs/server.valid.crt"\
                      --certs-server-cert-req "/root/certs/server.csr"\
                      --certs-server-key "/root/certs/server.key"\
                      --certs-server-ca-cert "/root/certs/rootCA.pem"\
                      --certs-update-server --certs-update-server-ca

To use them inside a NEW $FOREMAN_PROXY, run this command:

    foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\
                                 --certs-tar  "~/$FOREMAN_PROXY-certs.tar"\
                                 --server-cert "/root/certs/server.valid.crt"\
                                 --server-cert-req "/root/certs/server.csr"\
                                 --server-key "/root/certs/server.key"\
                                 --server-ca-cert "/root/certs/rootCA.pem"\

To use them inside an EXISTING $FOREMAN_PROXY, run this command INSTEAD:

    foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\
                                 --certs-tar  "~/$FOREMAN_PROXY-certs.tar"\
                                 --server-cert "/root/certs/server.valid.crt"\
                                 --server-cert-req "/root/certs/server.csr"\
                                 --server-key "/root/certs/server.key"\
                                 --server-ca-cert "/root/certs/rootCA.pem"\
                                 --certs-update-server

Successfully showed two different scenarios for NEW and EXISTING capsule to update certs.
Comment 3 Bryan Kearney 2018-02-21 17:00:47 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336
Note You need to log in before you can comment on or make changes to this bug.