Project

General

Profile

Bug #19935

Published Pulp repositories gives SSL alert

Added by Kent Knudsen almost 5 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Repositories
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Katello 3.2.1.1

I dont have access to the Pulp repos through httpd.

I have published several repostories to https but get SSL alert that says the connection was unsuccessful: An error occurred during a connection to server. SSL peer was unable to negotiate an acceptable set of security parameters. Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT

I have imported the katello-server-ca.crt from the host to my browser which shows an secure connection.

I had this working fine and suspects that an yum update on the katello server has broken this, but I don't know what creates the SSL error.

History

#1 Updated by Daniel Lobato Garcia almost 5 years ago

Have you tried different browsers? For some reason I also get a similar error on Firefox but not on Chrome. Note you have to split the certificate given from Katello in order to import it properly (https://theforeman.org/plugins/katello/nightly/troubleshooting/index.html#debug-certificate).

Are the repositories available to yum/dnf, or they are only unavailable via https checking with a browser?

#2 Updated by Kent Knudsen almost 5 years ago

Daniel Lobato Garcia wrote:

Have you tried different browsers? For some reason I also get a similar error on Firefox but not on Chrome. Note you have to split the certificate given from Katello in order to import it properly (https://theforeman.org/plugins/katello/nightly/troubleshooting/index.html#debug-certificate).

Are the repositories available to yum/dnf, or they are only unavailable via https checking with a browser?

The repos are availbale both as yum/dnf and web. I tried with Chrome and I can now browse content with http only (https still gives SSL alert - this is not a secure connection). In Firefox http redirects to https. I'll have to try and split the certificate and try Firefox again.

Don't tell me this behaviour is normal for a katello server...

#3 Updated by Kent Knudsen almost 5 years ago

Daniel Lobato Garcia wrote:

Have you tried different browsers? For some reason I also get a similar error on Firefox but not on Chrome. Note you have to split the certificate given from Katello in order to import it properly (https://theforeman.org/plugins/katello/nightly/troubleshooting/index.html#debug-certificate).

Are the repositories available to yum/dnf, or they are only unavailable via https checking with a browser?

Great. The split certificate now works with Firefox on https.

Thanks Daniel for the guidance

#4 Updated by Eric Helms almost 5 years ago

  • Status changed from New to Resolved
  • Legacy Backlogs Release (now unused) set to 166

Also available in: Atom PDF