Description of problem: katello-certs-check does not ensures certificate has SubjectAltName. SubjectAltName is required in order to the browser accept the certificate. Version-Release number of selected component (if applicable): Satellite 6.2.11 How reproducible: 100% always Steps to Reproduce: 1. Create a certificate following the steps depicted in https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html-single/installation_guide/index#configuring_satellite_server_with_custom_server_certificate 2. Import the Certificate Actual results: SSL session fails Expected results: katello-certs-check should check for the SubjectAltName and bar the certificate import. Additional info:
Since Chrome version 58, subjectAltNames are required. See [1] for further information [1] - https://support.google.com/chrome/a/answer/7391219?hl=en
Verified on Satellite 6.4 snap 13, Subject Alt Name and Key Usage checks have been added and query the cert as expected
Setting requires_doc_text to '?'.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2927