Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1625615 - Unable to Install Satellite with custom certificate
Summary: Unable to Install Satellite with custom certificate
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Certificates
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: Unspecified
Assignee: Chris Roberts
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: 1616228
TreeView+ depends on / blocked
 
Reported: 2018-09-05 11:18 UTC by Sanket Jagtap
Modified: 2024-02-28 20:32 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-07 17:05:57 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Sanket Jagtap 2018-09-05 11:18:49 UTC 
Description of problem:
Trying to install Satellite with Custom Certs

Version-Release number of selected component (if applicable):
Build:Satellite 6.4.0 snap 20

How reproducible:
Always

Steps to Reproduce:
1. Have custom Certs created 
2. Run the Installer passing these certs
3.


Actual results:
 /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[qe-sat6-client-arch.domain]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://qe-sat6-client-arch.domain/api/v2/smart_proxies?search=name=%22qe-sat6-client-arch.domain%22

Expected results:
Installer should install satellite with custom certs

Additional info:
PFA, foreman-debug
Katello certs check passed for the certs:
katello-certs-check -c sat.server.crt -k sat.server.key -b ca.crt 
Checking server certificate's encoding: [OK]
Checking expiration of certificate: [OK]
Checking expiration of CA bundle: [OK]
Checking if server cert has CA:TRUE flag[OK]
Validating the certificate subject= /C=US/ST=California/L=San Francisco/O=Bogus Inc./OU=Operations/CN=qe-sat6-client-arch.usersys.redhat.com
Checking to see if the private key matches the certificate: [OK]
Checking ca bundle against the cert file: [OK]
Checking Subject Alt Name on certificate[OK]
Checking Key Usage extension on certificate for Key Encipherment[OK]

Validation succeeded.

To install the Katello main server with the custom certificates, run:

    foreman-installer --scenario katello\
                      --certs-server-cert "/root/sat.server.crt"\
                      --certs-server-key "/root/sat.server.key"\
                      --certs-server-ca-cert "/root/ca.crt"

To update the certificates on a currently running Katello installation, run:

    foreman-installer --scenario katello\
                      --certs-server-cert "/root/sat.server.crt"\
                      --certs-server-key "/root/sat.server.key"\
                      --certs-server-ca-cert "/root/ca.crt"\
                      --certs-update-server --certs-update-server-ca
Comment 3 Chris Roberts 2018-09-07 17:05:57 UTC 
Tested with a clean install of snap 21 and not seeing the issue:

http://rx-paste.usersys.redhat.com/view/2607b648

Closing as WORKSFORME
Note You need to log in before you can comment on or make changes to this bug.