Description of problem: After you run katello-certs-check with the correct arguments, you get output like To use them inside an EXISTING $CAPSULE, run this command INSTEAD: capsule-certs-generate --capsule--fqdn ""\ --certs-tar "~/-certs.tar"\ You need to specify the fqdn rather than "" Version-Release number of selected component (if applicable): foreman-installer-katello-3.0.0.96-1.el7sat.noarch How reproducible: 100% Steps to Reproduce: 1. Run katello-certs-check with the required parameters 2. 3. Actual results: To use them inside an EXISTING $CAPSULE, run this command INSTEAD: capsule-certs-generate --capsule--fqdn ""\ --certs-tar "~/-certs.tar"\ Expected results: To use them inside an EXISTING $CAPSULE, run this command INSTEAD: capsule-certs-generate --capsule--fqdn "capsule.mydomain.com"\ --certs-tar "~/-certs.tar"\ Additional info:
Fixed upstream: = Module foreman_proxy_certs: --certs-tar Path to tar file with certs to generate (current: UNDEF) --foreman-proxy-cname additional names of the foreman proxy (current: []) --foreman-proxy-fqdn FQDN of the foreman proxy (current: "test.katello.lan") --parent-fqdn FQDN of the parent node. Does not usually need to be set. (current: "test.katello.lan") Will address downstream
Ignore last screen, still fixed upstream/6.3 [root@centos7-katello-nightly ~]# katello-certs-check -b /etc/pki/katello/certs/katello-default-ca.crt -r /etc/pki/katello/certs/katello-default-ca.crt -k /etc/pki/katello/private/katello-apache.key -c /etc/pki/katello/certs/katello-apache.crt Checking expiration of certificate: [OK] Checking expiration of CA bundle: [OK] Checking if server cert has CA:TRUE flag[OK] Validating the certificate subject= /C=US/ST=North Carolina/O=Katello/OU=SomeOrgUnit/CN=centos7-katello-nightly.vault111.example.com Checking to see if the private key matches the certificate: [OK] Checking ca bundle against the cert file: [OK] Validation succeeded. To install the Katello main server with the custom certificates, run: foreman-installer --scenario katello\ --certs-server-cert "/etc/pki/katello/certs/katello-apache.crt"\ --certs-server-cert-req "/etc/pki/katello/certs/katello-default-ca.crt"\ --certs-server-key "/etc/pki/katello/private/katello-apache.key"\ --certs-server-ca-cert "/etc/pki/katello/certs/katello-default-ca.crt" To update the certificates on a currently running Katello installation, run: foreman-installer --scenario katello\ --certs-server-cert "/etc/pki/katello/certs/katello-apache.crt"\ --certs-server-cert-req "/etc/pki/katello/certs/katello-default-ca.crt"\ --certs-server-key "/etc/pki/katello/private/katello-apache.key"\ --certs-server-ca-cert "/etc/pki/katello/certs/katello-default-ca.crt"\ --certs-update-server --certs-update-server-ca To use them inside a NEW $FOREMAN_PROXY, run this command: foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\ --certs-tar "~/$FOREMAN_PROXY-certs.tar"\ --server-cert "/etc/pki/katello/certs/katello-apache.crt"\ --server-cert-req "/etc/pki/katello/certs/katello-default-ca.crt"\ --server-key "/etc/pki/katello/private/katello-apache.key"\ --server-ca-cert "/etc/pki/katello/certs/katello-default-ca.crt"\ To use them inside an EXISTING $FOREMAN_PROXY, run this command INSTEAD: foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\ --certs-tar "~/$FOREMAN_PROXY-certs.tar"\ --server-cert "/etc/pki/katello/certs/katello-apache.crt"\ --server-cert-req "/etc/pki/katello/certs/katello-default-ca.crt"\ --server-key "/etc/pki/katello/private/katello-apache.key"\ --server-ca-cert "/etc/pki/katello/certs/katello-default-ca.crt"\ --certs-update-server