Bug #11785
open
Issues with custom certificates
Added by Eric Helms over 9 years ago.
Updated 4 months ago.
Description
Support issue for collecting problems/issues related to custom certificate usage
In our environment we have to jump through a few hoops because we use signed SAN certs from thawte.
We lay down the SSL certs onto the local file system in a "staging" path, and then pass those paths to the installer command along with our answer file.
---
- name: Run Katello Installer (This step takes ~30 minutes and has no output)
  command: >
    chdir=/etc/katello-installer
    katello-installer
    --certs-server-cert katello.cert
    --certs-server-cert-req katello.req
    --certs-server-key katello.key
    --certs-server-ca-cert katello.ca.cert
    --certs-update-all
  register: command_result
  failed_when: "'Success!' not in command_result.stdout"

- name: Set Installed Fact
  shell: touch /etc/katello_bootstrapped
The output puts us in a situation that "sorta" works. It seems that different parts of the system are using a different ca file:
[ root@katello-n01.staging conf.d ]# grep SSLCertificateChainFile *
03-crane.conf: SSLCertificateChainFile "/etc/pki/katello/certs/katello-server-ca.crt"
05-foreman-ssl.conf: SSLCertificateChainFile "/etc/pki/katello/certs/katello-default-ca.crt"
[ root@katello-n01.staging conf.d ]# grep SSLCACertificateFile *
03-crane.conf: SSLCACertificateFile "/etc/pki/katello/certs/katello-server-ca.crt"
05-foreman-ssl.conf: SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
pulp.conf:SSLCACertificateFile /etc/pki/katello/certs/katello-default-ca.crt
katello-server-ca.crt seems to be the correct one. katello-default-ca.crt has a self-signed (generated by the installer?)
- Tracker changed from Support to Bug
- Translation missing: en.field_release set to 114
- Target version deleted (Katello Backlog)
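
Added example (not part of the ticket and not Katello installer code): a shell check that automates the grep comparison from the report, listing every CA file referenced by SSLCertificateChainFile and SSLCACertificateFile in a conf.d directory and failing when the vhosts disagree. The function names are hypothetical, the sample files are constructed from the grep output quoted above, and CA paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not from the ticket: helper names are hypothetical.
# Assumes CA paths contain no spaces.

# Print "directive<TAB>path<TAB>file" for each CA directive under conf dir $1.
list_ca_refs() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # Apache directive names are case-insensitive; a commented-out
        # directive never matches because its first field starts with "#".
        awk -v file="$(basename "$f")" '{
            d = tolower($1)
            if (d == "sslcertificatechainfile" || d == "sslcacertificatefile") {
                p = $2
                gsub(/"/, "", p)   # paths may be quoted or bare
                printf "%s\t%s\t%s\n", $1, p, file
            }
        }' "$f"
    done
}

# Distinct CA paths in use, one per line.
distinct_ca_paths() { list_ca_refs "$1" | cut -f2 | sort -u; }

# Exit status 0 when every directive points at the same CA file, 1 otherwise.
check_ca_consistency() {
    n=$(distinct_ca_paths "$1" | wc -l | tr -d ' ')
    [ "$n" -le 1 ]
}

# Constructed sample mirroring the grep output quoted in the ticket.
make_sample() {
    c=/etc/pki/katello/certs
    printf 'SSLCertificateChainFile "%s"\nSSLCACertificateFile "%s"\n' \
        "$c/katello-server-ca.crt" "$c/katello-server-ca.crt" > "$1/03-crane.conf"
    printf '  SSLCertificateChainFile "%s"\n  SSLCACertificateFile "%s"\n' \
        "$c/katello-default-ca.crt" "$c/katello-default-ca.crt" > "$1/05-foreman-ssl.conf"
    printf '# SSLCACertificateFile /tmp/old.crt\nSSLCACertificateFile %s\n' \
        "$c/katello-default-ca.crt" > "$1/pulp.conf"
}

d=$(mktemp -d); make_sample "$d"
list_ca_refs "$d"
if check_ca_consistency "$d"; then echo "OK: one CA file in use"
else echo "MISMATCH: more than one CA file referenced:"; distinct_ca_paths "$d"; fi
rm -rf "$d"
```

Pointed at the real conf.d directory after an installer run, a non-zero status from check_ca_consistency means some vhosts still reference a different CA file than the others, which is the split described in this report.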