VERIFIED Version Tested: Satellite-6.3 Snap 25 steps: 1. Generated certs 2. Run Katello-certs-check with certs # katello-certs-check -c server.valid.crt -k server.key -r server.csr -b rootCA.pem Checking expiration of certificate: [OK] Checking expiration of CA bundle: [OK] Validating the certificate subject= /C=XX/L=Default City/O=Default Company Ltd Checking to see if the private key matches the certificate: [OK] Checking ca bundle against the cert file: [OK] Checking for non ascii characters[OK] Validation succeeded. To install the Katello main server with the custom certificates, run: foreman-installer --scenario katello\ --certs-server-cert "/root/certs/server.valid.crt"\ --certs-server-cert-req "/root/certs/server.csr"\ --certs-server-key "/root/certs/server.key"\ --certs-server-ca-cert "/root/certs/rootCA.pem" To update the certificates on a currently running Katello installation, run: foreman-installer --scenario katello\ --certs-server-cert "/root/certs/server.valid.crt"\ --certs-server-cert-req "/root/certs/server.csr"\ --certs-server-key "/root/certs/server.key"\ --certs-server-ca-cert "/root/certs/rootCA.pem"\ --certs-update-server --certs-update-server-ca To use them inside a NEW $FOREMAN_PROXY, run this command: foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\ --certs-tar "~/$FOREMAN_PROXY-certs.tar"\ --server-cert "/root/certs/server.valid.crt"\ --server-cert-req "/root/certs/server.csr"\ --server-key "/root/certs/server.key"\ --server-ca-cert "/root/certs/rootCA.pem"\ To use them inside an EXISTING $FOREMAN_PROXY, run this command INSTEAD: foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\ --certs-tar "~/$FOREMAN_PROXY-certs.tar"\ --server-cert "/root/certs/server.valid.crt"\ --server-cert-req "/root/certs/server.csr"\ --server-key "/root/certs/server.key"\ --server-ca-cert "/root/certs/rootCA.pem"\ --certs-update-server Successfully showed two different scenarios for NEW and EXISTING capsule to update certs.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336