Bug #11785
open
Issues with custom certificates
Description
Support issue for collecting problems/issues related to custom certificate usage
Updated by Greg Swift over 9 years ago
In our environment we have to jump through a few hoops because we use signed SAN certs from Thawte.
We lay down the SSL certs onto the local file system in a "staging" path, and then pass those paths to the installer command along with our answer file.
    ---
    - name: Run Katello Installer (This step takes ~30 minutes and has no output)
      command: >
        chdir=/etc/katello-installer
        katello-installer
        --certs-server-cert katello.cert
        --certs-server-cert-req katello.req
        --certs-server-key katello.key
        --certs-server-ca-cert katello.ca.cert
        --certs-update-all
      register: command_result
      failed_when: "'Success!' not in command_result.stdout"

    - name: Set Installed Fact
      shell: touch /etc/katello_bootstrapped
The output puts us in a situation that "sorta" works. It seems that different parts of the system are using a different ca file:
    [ root@katello-n01.staging conf.d ]# grep SSLCertificateChainFile *
    03-crane.conf: SSLCertificateChainFile "/etc/pki/katello/certs/katello-server-ca.crt"
    05-foreman-ssl.conf: SSLCertificateChainFile "/etc/pki/katello/certs/katello-default-ca.crt"
    [ root@katello-n01.staging conf.d ]# grep SSLCACertificateFile *
    03-crane.conf: SSLCACertificateFile "/etc/pki/katello/certs/katello-server-ca.crt"
    05-foreman-ssl.conf: SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
    pulp.conf:SSLCACertificateFile /etc/pki/katello/certs/katello-default-ca.crt
katello-server-ca.crt seems to be the correct one. katello-default-ca.crt has a self-signed (generated by the installer?)
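The grep comparison in the comment above can be scripted so that a CA mismatch fails a post-install check instead of being noticed by eye. This is an added example, not part of the original issue or of the Katello installer; the function names are hypothetical, and it assumes certificate paths without spaces.

```shell
#!/bin/sh
# Added example: audit which CA bundle each Apache conf file references.

# list_ca_refs DIR
# Prints "file<TAB>directive<TAB>path" for every uncommented
# SSLCACertificateFile / SSLCertificateChainFile directive in DIR/*.conf.
list_ca_refs() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            # skip commented-out directives
            /^[ \t]*#/ { next }
            {
                # Apache directive names are case-insensitive
                d = tolower($1)
                if (d == "sslcacertificatefile" || d == "sslcertificatechainfile") {
                    p = $2
                    gsub(/"/, "", p)    # strip optional quotes around the path
                    printf "%s\t%s\t%s\n", file, $1, p
                }
            }' "$f"
    done
}

# distinct_ca_paths DIR
# Prints each CA bundle path referenced under DIR once, sorted.
distinct_ca_paths() {
    list_ca_refs "$1" | cut -f3 | sort -u
}

# check_ca_consistency DIR
# Returns 0 when at most one CA bundle is referenced; otherwise prints
# the per-file breakdown on stderr and returns 1.
check_ca_consistency() {
    n=$(distinct_ca_paths "$1" | grep -c . || true)
    if [ "$n" -gt 1 ]; then
        echo "MISMATCH: $n different CA bundles referenced in $1" >&2
        list_ca_refs "$1" | sort -k3 >&2
        return 1
    fi
    return 0
}
```

Calling `check_ca_consistency` on the `conf.d` directory shown above would report two bundles, with `03-crane.conf` on one and `05-foreman-ssl.conf` and `pulp.conf` on the other.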
Updated by Eric Helms about 9 years ago
- Tracker changed from Support to Bug
- Release set to 114