Description of problem: After the installation of a custom server certificate, the new certificate CA chain is stored in "/etc/pki/katello/certs/katello-server-ca.crt" but the webserver configuration is not updated and still pointing to "/etc/pki/katello/certs/katello-default-ca.crt". I think the best option here would be changing the default satellite configuration to point always to /etc/pki/katello/certs/katello-server-ca.crt because it would be valid in both cases: - With the default installation katello-server-ca.crt contains default CA - With the custom certificate installation katello-server-ca.crt contains the new CA chain. Version-Release number of selected component (if applicable): 6.2.7 How reproducible: Always Steps to Reproduce: 1. Install Satellite with default self-signed certificate configuration 2. Follow the documentation [1] to configure custom server certificate Actual results: New certificate chain file not updated in webserver config: SSLCertificateChainFile "/etc/pki/katello/certs/katello-default-ca.crt" Expected results: New certificate chain file updated in webserver config: SSLCertificateChainFile "/etc/pki/katello/certs/katello-server-ca.crt" Additional info: [1] https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/installation_guide/installing_satellite_server#configuring_satellite_server_with_custom_server_certificate
As of 6.3, the Apache configuration reflects the request of this bug with the following being the configuration: SSLCertificateChainFile "/etc/pki/katello/certs/katello-server-ca.crt" Thus, I am closing this BZ as current release.