Discord thread: https://community.theforeman.org/t/errno-14-https-error-403-forbidden-redhat-repositories-only/21041 <pre> Katello is still using its self-signed default CA to distribute entitlement certificates. This is expected. However, pulpcore certguard has the wrong CA configured in its database - it has picked up the Server CA, which should only be used for clients to authenticate the server certificate. Updating the content of ca_certificate in pulpcore:certguard_rhsmcertguard fixes the issue and allows clients to access the repo. psql -d pulpcore pulpcore=# \set content cat /etc/pki/katello/certs/katello-default-ca-stripped.crt`` pulpcore=# update certguard_rhsmcertguard SET ca_certificate = :'content' ; </pre>
Created from redmine issue https://projects.theforeman.org/issues/32624
Upstream bug assigned to ehelms
Upstream bug assigned to jsherril
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/32624 has been resolved.
FYI I've just hit this in 6.10.0 snap 4.0.
adding 6.9.z flag, as i think backporting is worth it
*** Bug 1977893 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.10 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:4702