Description of problem: Assume we have an Upstream HTTP Server that is serving the extracted CDN ISO content and a Downstream Server that can only talk to that http server. We need to be able specify custom ca cert (or ca credential) when we change the RedHat CDN url to the upstream url. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Get a content iso extracted in /var/www/html/pub/<myrepo> on some other box 2. Go to Subscriptions => Manage Manifest 3. Change the redhat cdn url to https://<fqdn>/pub/<myrepo>. Notice that you cannot specify the cert in this tab. 4. Go to Redhat Repositories and try expanding the available repositories. Actual results: You should get an error along the lines of 2022-07-28T18:01:33 [I|app|37e3cb19] CDN: Requesting path https://<webserver>:443/pub/repos/content/dist/rhel/server/7/listing /opt/rh/rh-ruby27/root/usr/share/ruby/net/protocol.rb:44: warning: exception in verify_callback is ignored 2022-07-28T18:01:33 [E|app|37e3cb19] Failed at scanning for repository: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) Expected results: Ability to set the SSL CA Credential even for Red Hat CDN. Additional notes: https://github.com/Katello/katello/blob/master/app/lib/katello/resources/cdn.rb#L64 needs to have a logic along the lines of if cdn_configuration.ssl_ca? options[:ssl_ca_cert] = cdn_configuration.ssl_ca else options[:ssl_ca_file] = self.ca_file end We also need to be able to set a SSL CA Credential on the Manage Manifests.
Connecting redmine issue https://projects.theforeman.org/issues/35296 from this bug
Upstream bug assigned to paji
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/35296 has been resolved.
Connecting redmine issue https://projects.theforeman.org/issues/35359 from this bug
Redhat CDN is not editable. There's a new CDN configuration type - Custom CDN. It allows to select (non-mandatory) Content Credential. Synchronization over Custom CDN is possible. VERIFIED with Satellite 6.12 SNAP13 @RHEL8.6
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Satellite 6.12 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:8506