Bug 798454 - SSLCACertificateFile not set properly in /etc/httpd/conf.d/pulp.conf
SSLCACertificateFile not set properly in /etc/httpd/conf.d/pulp.conf
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Subscription Management (Show other bugs)
6.0.0
Unspecified Unspecified
high Severity high (vote)
: Unspecified
: --
Assigned To: Lukas Zapletal
Og Maciel
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-02-28 16:42 EST by Justin Sherrill
Modified: 2014-09-18 11:32 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-08-22 14:29:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Justin Sherrill 2012-02-28 16:42:26 EST
Description of problem:

As part of the install/configuration, SSLCACertificateFile is not set properly in /etc/httpd/conf.d/pulp.conf.  This should be set to the same thing as in /etc/pulp/pulp.conf (/etc/candlepin/certs/candlepin-ca.crt)

The result of all this is that the uber cert does not work for debugging withou this change.  The browser is never prompted to use the ubercert.

Came about from: https://bugzilla.redhat.com/show_bug.cgi?id=798418
Comment 2 Lukas Zapletal 2012-03-02 06:14:50 EST
Okay.
Comment 3 Lukas Zapletal 2012-03-02 06:42:44 EST
Pushing upstream, waiting for PM ack.

b6fbd05 798454 - SSLCACertificateFile not set properly
Comment 4 Lukas Zapletal 2012-03-02 11:23:21 EST
Ther is also one in the ssl.conf but I believe this is not used.
Comment 6 Og Maciel 2012-03-06 14:13:03 EST
Lukáš, this is what I see right now:

[root@qetello03 ~]# grep "SSLCACertificateFile" /etc/httpd/conf.d/pulp.conf
SSLCACertificateFile /etc/pki/pulp/ca.crt
[root@qetello03 ~]# vim /etc/pulp/pulp.conf
[security]
cacert:  /etc/candlepin/certs/candlepin-ca.crt
cakey:   /etc/candlepin/certs/candlepin-ca.key
user_cert_expiration: 7
consumer_cert_expiration: 3650

fwiw here's the version for katello-configure: katello-configure-0.1.101-1.el6.noarch
Comment 8 Og Maciel 2012-03-09 10:49:03 EST
Verified:
* candlepin-0.5.24-1.el6.noarch
* candlepin-tomcat6-0.5.24-1.el6.noarch
* katello-0.1.303-1.el6.noarch
* katello-all-0.1.303-1.el6.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.0.4-1.el6.noarch
* katello-cli-0.1.102-1.el6.noarch
* katello-cli-common-0.1.102-1.el6.noarch
* katello-common-0.1.303-1.el6.noarch
* katello-configure-0.1.104-1.el6.noarch
* katello-glue-candlepin-0.1.303-1.el6.noarch
* katello-glue-foreman-0.1.303-1.el6.noarch
* katello-glue-pulp-0.1.303-1.el6.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-0.1.8-1.el6.noarch
* pulp-1.0.0-4.el6.noarch
* pulp-common-1.0.0-4.el6.noarch
* pulp-selinux-server-1.0.0-4.el6.noarch

Note You need to log in before you can comment on or make changes to this bug.