This bug was initially created as a copy of Bug #1670276 I am copying this bug because: Description of problem: In Satellite 6.4, Customer unable to sync custom repository which uses custom SSL Certificate for authentication Version-Release number of selected component (if applicable): Satellite 6.4 How reproducible: 100% Steps to Reproduce: 1. Create a custom repository with custom SSL certificate as mentioned in the documentations ----- https://access.redhat.com/documentation/en-us/red_hat_satellite/6.4/html-single/content_management_guide/#Importing_Custom_Content ----- 2. Sync the repo Actual results: sync failed with below error: ---- # hammer repository synchronize --id 53 [.....................................................] [100%] No new packages. Error: RPM1004: Error retrieving metadata: A connection error occurred ----- The log shows below error: ----- Downloading metadata from https://<vendor repository> Starting new HTTPS connection (1): <vendor repository> ERROR: Skipping requests to <vendor repository> due to repeated connection failures: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:618) ------ Expected results: Sync completed successfully . Additional info: - After creating the repository, we can check if the custom SSL cert are being set for the repository : ----- foreman-rake console Katello::Repository.find(<REPO ID>).importers.first["config"]["ssl_ca_cert"] Katello::Repository.find(<REPO ID>).importers.first["config"]["ssl_client_cert"] Katello::Repository.find(<REPO ID>).importers.first["config"]["ssl_client_key"] exit ------- This shows : ------- Then the following from the foreman-rake console: Katello::Repository.find(53).importers.first["config"]["ssl_ca_cert"] => nil Katello::Repository.find(53).importers.first["config"]["ssl_client_cert"] => nil Katello::Repository.find(53).importers.first["config"]["ssl_client_key"] => nil -------- Which means no SSL certs were set for the custom repository, for which it is failing. - Customer can download the repomd.xml file using the custom SSL Cert, which validate the certs are correct : -------- curl -v --cert /path/to/product/certs/cert.crt --key /path/to/product/certs/cert.key --proxy https://proxy.domain:3128 https://vendor.url/path/7Server/x86_64/repodata/repomd.xml --------- Workaround : This work around tested and working for now: ---------- Satellite 6 : Unable to synchronise a repository that uses SSL client certificates for authentication https://access.redhat.com/solutions/3626731 ---------- After applying the workaround : ----------- Katello::Repository.find(53).importers.first["config"]["ssl_ca_cert"] => nil Katello::Repository.find(53).importers.first["config"]["ssl_client_cert"] => "-----BEGIN CERTIFICATE-----......... <REMOVED>" Katello::Repository.find(53).importers.first["config"]["ssl_client_key"] => "-----BEGIN PRIVATE KEY-----......... <REMOVED>" -------------- This shows the Custom SSL certs were set for the repository.