Description of problem: katello-certs-check reports that wildcard certificates are valid to use with satellite (correctly), but returns an error in the process Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1.# katello-certs-check -c sat_cert/satellite.domain.com.crt -k sat_cert/satellite.domain.com.key -b sat_cert/DigiCert.crt ... /sbin/katello-certs-check: line 168: [: too many arguments Validation succeeded ... 2. Line 168: if [ $EXIT_CODE == "0" -a $CERT_HOSTNAME == $HOSTNAME ]; then 3. $CERT_HOSTNAME is set with: CERT_HOSTNAME=$(openssl x509 -noout -subject -in $CERT_FILE | sed -e 's/^subject.*CN=\([a-zA-Z0-9\.\-]*\).*$/\1/') 4. On a valid wildcard, this regex fails: # openssl x509 -noout -subject -in sat_cert/satellite.example.com.crt | sed -e 's/^subject.*CN=\([a-zA-Z0-9\.\-]*\).*$/\1/' # openssl x509 -noout -subject -in sat_cert/satellite.example.com.crt subject= /C=US/ST=STATE/L=CITY/O=EXAMPLE/CN=*.example.com A corrected regex: # openssl x509 -noout -subject -in sat_cert/satellite.example.com.crt | sed -e 's/^subject.*CN=\([a-zA-Z0-9\.\-]*|\*\).*$/\1/' subject= /C=US/ST=STATE/L=CITY/O=EXAMPLE/CN=*.example.com Actual results: ... /sbin/katello-certs-check: line 168: [: too many arguments Validation succeeded ... Expected results: ... Validation succeeded ... Additional info: Satellite has no issues with these certificates.
See also: Bug 1654326 - katello-certs-check gives the wrong output if using certificate with wildcard Bug 1658360 - katello-certs-check is not showing satellite-installer command if wildcard SSL certificate is used.
*** This bug has been marked as a duplicate of bug 1658360 ***