Red Hat Bugzilla – Bug 599042
Installation over HTTPS Fails
Last modified: 2014-09-30 19:39:07 EDT
+++ This bug was initially created as a clone of Bug #599040 +++
Creating this bug report for tracking the feature in RHEL 6.
Description of problem:
When trying to do partly kickstart based installation of Fedora from an HTTPS repository, the attempt will fail if the certificate is self-signed (in other words it is not signed by a well-known CA). The user could make the used CA certificate trusted by modifying the global storage of trusted certificates (currently /etc/pki/tls/certs/ca-bundle.crt). This could be done in a %pre script, e.g:
cat >/etc/pki/tls/certs/ca-bundle.crt <<END
It is of course up to the user to make sure the certificate/kickstart file is obtained from a trusted source.
However, in some cases this workaround might not be optimal, ideally the installer could, for example, present a pop-up window asking whether or not to accept the certificate if the CA cert is not well-known (perhaps in the same spirit as Firefox does).
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release. Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release. This request is not yet committed for
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update release.
Fixed on rhel6-branch by
Will be fixed in anaconda-13.21.84-1.
See also bug 660340.
There has been three additional bugs opened describing problems with the feature opened: bug 678580, bug 678580 and bug 678574.
Moving this back to modified.
This is more like a tracker bug. I will move it to VERIFIED and will track remaining issues in separate BZs.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.