Katello should have a single way to manage CA certificates that it uses
There are two areas of code that make HTTPS calls to repositories:
- the katello part that browses the CDN on the repo enable page
- the pulp part that actually fetches the data
The Katello part uses redhat-uep.pem when making CDN calls. However, the Pulp portion uses the system's trust store. This means that URLs like https://dl.fedoraproject.org will work, but internal URLs in a data center will not, since the internal URL does not use redhat-uep.pem for its CA.
Ideally, Katello would have some kind of CA management to manage both of these areas, either via the web UI or via command-line.