Description of problem: katello-certs-check should display a warning if there is a passphrase protected Version-Release number of selected component (if applicable): satellite-6.6.0-5.beta.el7sat.noarch foreman-installer-katello-1.22.0.8-1.el7sat.noarch How reproducible: Always Steps to Reproduce: 1. Create a key with password protected 2. # openssl genrsa -aes128 -passout pass:foobar -out /root/sat_cert/satellite_cert_key.pem 4096 3. For verification use katello-certs-check Actual results: # katello-certs-check -c vm250-205.gsslab.pnq2.redhat.com.crt -k satellite_cert_key.pem -b CA-Chain.crt Checking server certificate encoding: [OK] Checking expiration of certificate: [OK] Checking expiration of CA bundle: [OK] Checking if server certificate has CA:TRUE flag [OK] Checking to see if the private key matches the certificate: Enter pass phrase for /root/sat_cert/satellite_cert_key.pem: [OK] Checking CA bundle against the certificate file: [OK] Checking Subject Alt Name on certificate [OK] Checking Key Usage extension on certificate for Key Encipherment [OK] Validation succeeded To install the Red Hat Satellite Server with the custom certificates, run: satellite-installer --scenario satellite \ --certs-server-cert "/root/sat_cert/satellite.crt" \ --certs-server-key "/root/sat_cert/satellite_cert_key.pem" \ --certs-server-ca-cert "/root/sat_cert/CA-Chain.crt" To update the certificates on a currently running Red Hat Satellite installation, run: satellite-installer --scenario satellite \ --certs-server-cert "/root/sat_cert/satellite.crt" \ --certs-server-key "/root/sat_cert/satellite_cert_key.pem" \ --certs-server-ca-cert "/root/sat_cert/CA-Chain.crt" \ --certs-update-server --certs-update-server-ca Expected results: It should warn us that you have a password-protected key and it will not work with satellite Additional info:
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/27876 has been resolved.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1454