Red Hat Bugzilla – Bug 1463018
katello-certs-check does not verify server's certificate is PEM encoded
Last modified: 2018-03-15 20:50:41 EDT
Description of problem: The Bash script `katello-certs-check` does not verify that the server's certificate is PEM encoded, resulting in failure to install the certificate.
Version-Release number of selected component (if applicable): 6.2.9
How reproducible: Every time.
Steps to Reproduce:
1. Generate an SSL certificate for the Satellite Server.
2. Convert it into DER format.
3. Install the certificate (in DER encoding) in Satellite.
Actual results: Instances of the following errors appear in log file /var/log/foreman-proxy/proxy.log:
OpenSSL::SSL:SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
Expected results: The custom SSL certificate is installed successfully.
Additional info: This BZ ticket was raised as a result of customer case 01864075.
Foreman issue: http://projects.theforeman.org/issues/20054
I believe *ALL* certificates used in the process of installing a custom SSL certificate must be PEM encoded, including that provided by the CA. Instead of trying to resolve both issues in the one BZ ticket, and Redmine issue, I have kept the scope of this BZ ticket to ONLY the server's certificate.
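A sketch of the kind of pre-install check this report asks for, as an added example and not the actual `katello-certs-check` code. The function names `cert_encoding` and `check_server_cert_pem` and the output file name `server.pem` are hypothetical, and the DER test is a heuristic on the first two bytes.

```bash
#!/bin/bash
# Added example (not the katello-certs-check source); function names are hypothetical.

# Print PEM, DER or UNKNOWN for the certificate file in $1.
cert_encoding() {
    local file=$1 magic
    [ -r "$file" ] || { echo UNKNOWN; return 0; }
    # PEM is text: a base64 body between BEGIN/END CERTIFICATE armor lines.
    if grep -q -- '^-----BEGIN CERTIFICATE-----' "$file"; then
        echo PEM
        return 0
    fi
    # DER is binary ASN.1. Heuristic: a certificate starts with SEQUENCE (0x30)
    # followed by the long-form length marker for a two-byte length (0x82).
    magic=$(od -An -tx1 -N2 "$file" | tr -d ' \n')
    if [ "$magic" = "3082" ]; then
        echo DER
        return 0
    fi
    echo UNKNOWN
}

# Return 0 only when $1 carries PEM armor and its body parses as X.509.
check_server_cert_pem() {
    local file=$1 enc
    enc=$(cert_encoding "$file")
    if [ "$enc" != PEM ]; then
        echo "ERROR: $file is $enc encoded; a PEM encoded certificate is required." >&2
        if [ "$enc" = DER ]; then
            echo "Convert it with: openssl x509 -inform DER -in $file -out server.pem" >&2
        fi
        return 1
    fi
    # The armor alone proves nothing, so let openssl parse the body as well.
    if ! openssl x509 -inform PEM -in "$file" -noout 2>/dev/null; then
        echo "ERROR: $file has PEM armor but is not a valid X.509 certificate." >&2
        return 1
    fi
    return 0
}

# Stand-alone use: ./check-cert.sh /path/to/server.crt
[ "$#" -eq 0 ] || check_server_cert_pem "$1"
```

Failing at this point gives the administrator an actionable message before installation, instead of the `unknown ca` TLS alert that only shows up later in proxy.log.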