Bug 769887 - Changes that needs to be done to integrate Katello generated certificates
Summary: Changes that needs to be done to integrate Katello generated certificates
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Packaging
Version: 6.0.1
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: Unspecified
Assignee: Bryan Kearney
QA Contact: Eric Sammons
URL:
Whiteboard:
Depends On:
Blocks: 703617 katello-blockers
Reported: 2011-12-22 16:05 UTC by Lukas Zapletal
Modified: 2013-08-16 18:20 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-03 08:47:31 UTC
Target Upstream Version:
Embargoed:



Description Lukas Zapletal 2011-12-22 16:05:32 UTC
Hello,

The current version of the Katello installer deploys several certificates, which are currently not used by this backend engine. The complete list can be found here:

https://fedorahosted.org/katello/wiki/Certificates#Katellopuppetinstallergenerates

(chapter "Katello puppet installer generates")

The idea is that Katello (and its installer) will generate all necessary certificates for all backend engines. All will be signed with only one CA (also generated by the Katello installer - /usr/share/katello/RHN-ORG-TRUSTED-SSL-CERT).

The purpose of this task is to install the current version of Katello (you can use our beaker test - I can provide you a link) and to configure the backend engine to use the new Katello generated certificates. Possible outcomes:

1) Only configuration change - backend engine only needs to be reconfigured. Please collect all the required steps which are needed in this BZ.

2) Configuration change + change in the backend engine code - since certificates will be signed with a different CA, some changes may be needed to get it working. Please link all possible RHBZ with this one. Once changes are done, 

3) Some more certificates need to be generated - please provide us information about what particular certificate is missing, what format is expected and what is the preferred directory. We will add a new generation step in our installer.

4) None of the above - let's set up a meeting where we discuss other options if there are any issues.

Please cover all parts of the backend engine where certificates are involved.

In case of Candlepin, the following certificates should be relevant:

/etc/pki/katello/keystore - for tomcat
? - the Candlepin CA - Q - can we create this CA and sign it with the Katello CA? 
? - any other certificates are needed for Candlepin?

This RHBZ is more or less a "tracking" ticket. Please contact me (lzap) if you have any questions or issues. Many thanks for help.

Comment 2 Mike McCune 2013-08-16 18:20:20 UTC
getting rid of 6.0.0 version since that doesn't exist

