Description of problem: Argument -r REQ_FILE in katello-certs-check utility is not mandatory. Thus if -r argument is not passed while performing check, it throws some warning as readlink: missing operand. Version-Release number of selected component (if applicable): sat 6.3 snap 24 # rpm -qa | grep katello-certs katello-certs-tools-2.4.0-1.el7sat.noarch How reproducible:always Steps to Reproduce: 1. openssl genrsa -out rootCA.key 2048 2. openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem 3. openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr 4. openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.valid.crt -days 100 -sha256 5. katello-certs-check -c server.valid.crt -k server.key -b rootCA.pem Checking expiration of certificate: [OK] Checking expiration of CA bundle: [OK] Validating the certificate subject= /C=XX/L=Default City/O=Default Company Ltd Checking to see if the private key matches the certificate: [OK] Checking ca bundle against the cert file: [OK] Checking for non ascii characters[OK] readlink: missing operand Try 'readlink --help' for more information. readlink: missing operand Try 'readlink --help' for more information. readlink: missing operand Try 'readlink --help' for more information. readlink: missing operand Try 'readlink --help' for more information. Validation succeeded. To install the Katello main server with the custom certificates, run: foreman-installer --scenario katello\ --certs-server-cert "/root/certs/server.valid.crt"\ --certs-server-cert-req ""\ --certs-server-key "/root/certs/server.key"\ --certs-server-ca-cert "/root/certs/rootCA.pem" To update the certificates on a currently running Katello installation, run: foreman-installer --scenario katello\ --certs-server-cert "/root/certs/server.valid.crt"\ --certs-server-cert-req ""\ --certs-server-key "/root/certs/server.key"\ --certs-server-ca-cert "/root/certs/rootCA.pem"\ --certs-update-server --certs-update-server-ca To use them inside a NEW $FOREMAN_PROXY, run this command: foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\ --certs-tar "~/$FOREMAN_PROXY-certs.tar"\ --server-cert "/root/certs/server.valid.crt"\ --server-cert-req ""\ --server-key "/root/certs/server.key"\ --server-ca-cert "/root/certs/rootCA.pem"\ To use them inside an EXISTING $FOREMAN_PROXY, run this command INSTEAD: foreman-proxy-certs-generate --foreman-proxy-fqdn "$FOREMAN_PROXY"\ --certs-tar "~/$FOREMAN_PROXY-certs.tar"\ --server-cert "/root/certs/server.valid.crt"\ --server-cert-req ""\ --server-key "/root/certs/server.key"\ --server-ca-cert "/root/certs/rootCA.pem"\ --certs-update-server Actual results: Check passed but it shows some warning readlink: missing operand Try 'readlink --help' for more information. readlink: missing operand Try 'readlink --help' for more information. readlink: missing operand Try 'readlink --help' for more information. readlink: missing operand Try 'readlink --help' for more information. Expected results: Warning should handle. Additional info:
VERIFIED Version tested: Sat 6.4 snap 8 There is no longer -r option in katello-certs-check utility. # katello-certs-check One of the required parameters is missing Verifies, that custom ssl cert files are usable as part of the Katello installation. usage: /usr/sbin/katello-certs-check -c CERT_FILE -k KEY_FILE -b CA_BUNDLE_FILE
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2927