Hide Forgot
Description of problem: As part of the install/configuration, SSLCACertificateFile is not set properly in /etc/httpd/conf.d/pulp.conf. This should be set to the same thing as in /etc/pulp/pulp.conf (/etc/candlepin/certs/candlepin-ca.crt) The result of all this is that the uber cert does not work for debugging withou this change. The browser is never prompted to use the ubercert. Came about from: https://bugzilla.redhat.com/show_bug.cgi?id=798418
Okay.
Pushing upstream, waiting for PM ack. b6fbd05 798454 - SSLCACertificateFile not set properly
Ther is also one in the ssl.conf but I believe this is not used.
Lukáš, this is what I see right now: [root@qetello03 ~]# grep "SSLCACertificateFile" /etc/httpd/conf.d/pulp.conf SSLCACertificateFile /etc/pki/pulp/ca.crt [root@qetello03 ~]# vim /etc/pulp/pulp.conf [security] cacert: /etc/candlepin/certs/candlepin-ca.crt cakey: /etc/candlepin/certs/candlepin-ca.key user_cert_expiration: 7 consumer_cert_expiration: 3650 fwiw here's the version for katello-configure: katello-configure-0.1.101-1.el6.noarch
Verified: * candlepin-0.5.24-1.el6.noarch * candlepin-tomcat6-0.5.24-1.el6.noarch * katello-0.1.303-1.el6.noarch * katello-all-0.1.303-1.el6.noarch * katello-candlepin-cert-key-pair-1.0-1.noarch * katello-certs-tools-1.0.4-1.el6.noarch * katello-cli-0.1.102-1.el6.noarch * katello-cli-common-0.1.102-1.el6.noarch * katello-common-0.1.303-1.el6.noarch * katello-configure-0.1.104-1.el6.noarch * katello-glue-candlepin-0.1.303-1.el6.noarch * katello-glue-foreman-0.1.303-1.el6.noarch * katello-glue-pulp-0.1.303-1.el6.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-qpid-client-key-pair-1.0-1.noarch * katello-selinux-0.1.8-1.el6.noarch * pulp-1.0.0-4.el6.noarch * pulp-common-1.0.0-4.el6.noarch * pulp-selinux-server-1.0.0-4.el6.noarch