Description of problem: The new "Register Host" feature fails on host due to a curl error. But I am able to register using the normal method. I am using /etc/hosts for domain name requests,. [root@gsnode1 ~]# curl -X GET "https://gssat69.usersys.redhat.com:9090/register?location_id=2&organization_id=1" -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE2MTIxMzgzMDEsImp0aSI6ImFmZTJiZTg1ZDU2YTZjYmIxZmYzMjRmZDIxMmE5ODlmZDhlNjQ2NGMyNjAwNTVkZjg1MTVjYzQ1M2MyZjJiZmUiLCJleHAiOjE2MTIxNTI3MDF9.ehcEcr_0CoFkmNXIsJVTF0gQCgtw8IxNXEV0GKGBmvI' | bash % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (60) Peer's certificate issuer has been marked as not trusted by the user. More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. [root@gsnode1 ~]# rpm -Uvh http://gssat69/pub/katello-ca-consumer-latest.noarch.rpm Retrieving http://gssat69/pub/katello-ca-consumer-latest.noarch.rpm Preparing... ################################# [100%] Updating / installing... 1:katello-ca-consumer-gssat69.users################################# [100%] [root@gsnode1 ~]# subscription-manager register Registering to: gssat69.usersys.redhat.com:443/rhsm Username: admin Password: Environment: Library The system has been registered with ID: ed001ffd-538d-4aa8-86dd-49e84305ed62 The registered system name is: gsnode1.usersys.redhat.com [root@gsnode1 ~]# Version-Release number of selected component (if applicable): 6.9.0 beta How reproducible: Failure happens ever time I try it. Steps to Reproduce: 1. Frsh install of satellite 6.9 beta 2. Try to register a host using the new feature 3. Actual results: curl command fails Expected results: Registration should complete.
So I was the admin user when I generated this command. Later the command worked and subsequent registration attempts worked. MAybe it was just my setup.
see also: Bug 1922944 - Getting "curl:(51)" error while registering with Global Registration Curl command but registration with activation key works.
Hi Gary, Can you take a quick look at bug 1922944? The 2 bugzillas look like they may be duplicates, but would like to get your feedback. Thanks!
Hi, this is correct behavior, the problem is that you don't have installed CA on the registered host machine. There are two ways how to fix it: 1. - Run command with "--insecure" parameter (in latest snap should be part of UI form) 2. - Deploy CA file on the host & then run curl command again
*** Bug 1922944 has been marked as a duplicate of this bug. ***
Brad, Yeah, that other BZ was a duplicate. As Leos mentioned, --insecure worked and allowed the command to run. So as long as the --insecure option is in the gui, I guess this bug can be closed. Sorry for the delay, this past week has been busy.
I want to correct myself, --insecure option is not in the latest snap yet, the PR is still waiting for merge: https://gitlab.sat.engineering.redhat.com/satellite6/foreman/-/merge_requests/559
Missing --insecure in form will be fixed in https://bugzilla.redhat.com/show_bug.cgi?id=1916307 Meanwhile you can manually update curl call with '--insecure' parameter. MR for 6.9: https://gitlab.sat.engineering.redhat.com/satellite6/foreman/-/merge_requests/559 *** This bug has been marked as a duplicate of bug 1916307 ***