katello-installer certificate options should not require --certs-server-cert-req
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1233431
I'm running through an install of Satellite 6.0.4 with IdM on RHEL 7.1 to set up external auth. All of that is working fine, but I also want to use a certificate from IdM for the web UI by passing it in at install time. According to the documentation, I need to use the following options:
The certificate request should not be needed, as a certificate has already been issued. If we already have an issued certificate, we should just need the key and server certificate along with the CA certificate for trust purposes. If I use 'ipa-getcert' to request and retrieve a certificate from IdM, I only get back the key and cert:
ipa-getcert request -w -k ./satellite.key -f ./satellite.crt
There is no provision to output the raw CSR from any of the certmonger related commands. I can dig it out of certmonger's request tracking file in /var/lib/certmonger/requests, but that's not very friendly.
I have been able to pass a zero-byte file as the --certs-server-cert-req option as a workaround, and https is set up properly using the passed in cert/key. I think the request option should be deprecated, or at least made optional if there is really some purpose to giving the request to Satellite.
#4 Updated by Anonymous almost 2 years ago
- % Done changed from 0 to 100
- Status changed from Ready For Testing to Closed
Applied in changeset puppet-certs|5089bb3de3ac63339c90b64b0fda726340f04ced.