Bug 1802302 - Need to remove extra character printed by katello-certs-check
Summary: Need to remove extra character printed by katello-certs-check
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Branding
Version: 6.7.0
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: 6.7.0
Assignee: Chris Roberts
QA Contact: Radovan Drazny
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-02-12 20:35 UTC by Ganesh Payelkar
Modified: 2020-04-14 13:28 UTC (History)
3 users (show)

Fixed In Version: foreman-installer-1.24.1.10-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-14 13:28:43 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:1454 None None None 2020-04-14 13:28:53 UTC

Description Ganesh Payelkar 2020-02-12 20:35:05 UTC
Description of problem:

When we are using katello-certs-check to check our custom/External SSL certificates for installation and output of command which we need to pass with an installer, 

we have seen extra character at the end of capsule-certs-generate


Version-Release number of selected component (if applicable):
satellite-capsule-6.7.0-5.beta.el7sat.noarch
foreman-installer-katello-1.24.1.5-1.el7sat.noarch

How reproducible:
Installation of SSL certs

Steps to Reproduce:
1. Create CSR and Signed it from CA
2. Use katello-certs-check tool to check certificates and installer commands
3.

Actual results:

# katello-certs-check -c vm123.crt -k vm123_cert_key.pem -b CA-Chain.crt
Checking server certificate encoding:
[OK]
 
Checking expiration of certificate:
[OK]
 
Checking expiration of CA bundle:
[OK]
 
Checking if server certificate has CA:TRUE flag
[OK]
 
Checking for private key passphrase:
[OK]
 
Checking to see if the private key matches the certificate:
[OK]
 
Checking CA bundle against the certificate file:
[OK]
 
Checking Subject Alt Name on certificate
[OK]
 
Checking Key Usage extension on certificate for Key Encipherment
[OK]
 
Validation succeeded
 
 
  To use them inside a NEW $CAPSULE, run this command:
 
      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                   --certs-tar  "~/$CAPSULE-certs.tar" \
                                   --server-cert "/root/certs/vm123.crt" \
                                   --server-key "/root/certs/vm123_cert_key.pem" \
                                   --server-ca-cert "/root/certs/CA-Chain.crt" \        <---- we should remove this "\"
 
  To use them inside an EXISTING $CAPSULE, run this command INSTEAD:
 
      capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                   --certs-tar  "~/$CAPSULE-certs.tar" \
                                   --server-cert "/root/certs/vm123.crt" \
                                   --server-key "/root/certs/vm123_cert_key.pem" \
                                   --server-ca-cert "/root/certs/CA-Chain.crt" \
                                   --certs-update-server


Expected results:

 capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" \
                                   --certs-tar  "~/$CAPSULE-certs.tar" \
                                   --server-cert "/root/certs/vm123.crt" \
                                   --server-key "/root/certs/vm123_cert_key.pem" \
                                   --server-ca-cert "/root/certs/CA-Chain.crt" 
Additional info:

Comment 4 Radovan Drazny 2020-03-11 15:53:05 UTC
Tested with Sat 6.7 Snap 15 (foreman-installer-1.24.1.14-1.el7sat.noarch)

# katello-certs-check -c dhcp-2-41.vms.sat.rdu2.redhat.com.crt -k dhcp-2-41.vms.sat.rdu2.redhat.com.key -b cacert.asc 
Checking server certificate encoding: 
[OK]

Checking expiration of certificate: 
[OK]

Checking expiration of CA bundle: 
[OK]

Checking if server certificate has CA:TRUE flag 
[OK]

Checking for private key passphrase: 
[OK]

Checking to see if the private key matches the certificate: 
[OK]

Checking CA bundle against the certificate file: 
[OK]

Checking Subject Alt Name on certificate 
[OK]

Checking Key Usage extension on certificate for Key Encipherment 
[OK]

Validation succeeded


To install the Red Hat Satellite Server with the custom certificates, run:

    satellite-installer --scenario satellite \
                      --certs-server-cert "/root/customssl/dhcp-2-41.vms.sat.rdu2.redhat.com.crt" \
                      --certs-server-key "/root/customssl/dhcp-2-41.vms.sat.rdu2.redhat.com.key" \
                      --certs-server-ca-cert "/root/customssl/cacert.asc"

To update the certificates on a currently running Red Hat Satellite installation, run:

    satellite-installer --scenario satellite \
                      --certs-server-cert "/root/customssl/dhcp-2-41.vms.sat.rdu2.redhat.com.crt" \
                      --certs-server-key "/root/customssl/dhcp-2-41.vms.sat.rdu2.redhat.com.key" \
                      --certs-server-ca-cert "/root/customssl/cacert.asc" \
                      --certs-update-server --certs-update-server-ca

The trailing "\" is gone.

Comment 7 errata-xmlrpc 2020-04-14 13:28:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454


Note You need to log in before you can comment on or make changes to this bug.