Plugins » Katello

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1233431
I'm running through an install of Satellite 6.0.4 with IdM on RHEL 7.1 to set up external auth. All of that is working fine, but I also want to use a certificate from IdM for the web UI by passing it in at install time. According to the documentation, I need to use the following options:

--certs-server-cert ~/path/to/server.crt\
  --certs-server-cert-req ~/path/to/server.crt.req\
  --certs-server-key ~/path/to/server.crt.key\
  --certs-server-ca-cert ~/path/to/cacert.crt

The certificate request should not be needed, as a certificate has already been issued. If we already have an issued certificate, we should just need the key and server certificate along with the CA certificate for trust purposes. If I use 'ipa-getcert' to request and retrieve a certificate from IdM, I only get back the key and cert:

ipa-getcert request -w -k ./satellite.key -f ./satellite.crt

There is no provision to output the raw CSR from any of the certmonger related commands. I can dig it out of certmonger's request tracking file in /var/lib/certmonger/requests, but that's not very friendly.

I have been able to pass a zero-byte file as the --certs-server-cert-req option as a workaround, and https is set up properly using the passed in cert/key. I think the request option should be deprecated, or at least made optional if there is really some purpose to giving the request to Satellite.