Bug 1557436 - Unnecessary requirement of CSR when running --certs-update-server
Summary: Unnecessary requirement of CSR when running --certs-update-server
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Certificates
Version: 6.2.14
Hardware: All
OS: Linux
unspecified
medium vote
Target Milestone: Released
Assignee: Eric Helms
QA Contact: Nikhil Kathole
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-03-16 15:05 UTC by Mario Mikocevic
Modified: 2019-10-07 17:20 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-14 12:37:00 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1222 None None None 2019-05-14 12:37:15 UTC
Foreman Issue Tracker 16911 None None None 2018-05-31 01:22:18 UTC

Description Mario Mikocevic 2018-03-16 15:05:58 UTC
Please *remove* requirement of '--certs-server-cert-req' option when 'upgrading' to the new CA.
CSR is *not* required for runtime and `satellite-installer` wrongly burps error ->

[root@lxsatapv1p work]# satellite-installer --scenario satellite --certs-server-cert /etc/pki/tls/certs/lxsatapv1p.crt --certs-server-key /etc/pki/tls/private/lxsatapv1p.key --certs-server-ca-cert /etc/pki/tls/certs/ca-bundle.crt --certs-update-server --certs-update-server-ca
Marking certificate /root/ssl-build/lxsatapv1p.dc.ht.hr/lxsatapv1p.dc.ht.hr-apache for update
Marking certificate /root/ssl-build/lxsatapv1p.dc.ht.hr/lxsatapv1p.dc.ht.hr-foreman-proxy for update
Marking certificate /root/ssl-build/katello-server-ca for update
 "" is not an absolute path. at /usr/share/katello-installer-base/modules/certs/manifests/init.pp:116 on node lxsatapv1p.dc.ht.hr
 "" is not an absolute path. at /usr/share/katello-installer-base/modules/certs/manifests/init.pp:116 on node lxsatapv1p.dc.ht.hr
Preparing installation Done
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/foreman-installer/satellite.log

Comment 4 Nikhil Kathole 2018-12-14 07:01:50 UTC
VERIFIED

Version tested:
Satellite 6.5 snap 7

--certs-server-cert-req not required while updating ca (--certs-update-server)

Comment 7 errata-xmlrpc 2019-05-14 12:37:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222


Note You need to log in before you can comment on or make changes to this bug.