Bug #19935
closedPublished Pulp repositories gives SSL alert
Description
Katello 3.2.1.1
I dont have access to the Pulp repos through httpd.
I have published several repostories to https but get SSL alert that says the connection was unsuccessful: An error occurred during a connection to server. SSL peer was unable to negotiate an acceptable set of security parameters. Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT
I have imported the katello-server-ca.crt from the host to my browser which shows an secure connection.
I had this working fine and suspects that an yum update on the katello server has broken this, but I don't know what creates the SSL error.
Updated by Daniel Lobato Garcia over 7 years ago
Have you tried different browsers? For some reason I also get a similar error on Firefox but not on Chrome. Note you have to split the certificate given from Katello in order to import it properly (https://theforeman.org/plugins/katello/nightly/troubleshooting/index.html#debug-certificate).
Are the repositories available to yum/dnf, or they are only unavailable via https checking with a browser?
Updated by Kent Knudsen over 7 years ago
Daniel Lobato Garcia wrote:
Have you tried different browsers? For some reason I also get a similar error on Firefox but not on Chrome. Note you have to split the certificate given from Katello in order to import it properly (https://theforeman.org/plugins/katello/nightly/troubleshooting/index.html#debug-certificate).
Are the repositories available to yum/dnf, or they are only unavailable via https checking with a browser?
The repos are availbale both as yum/dnf and web. I tried with Chrome and I can now browse content with http only (https still gives SSL alert - this is not a secure connection). In Firefox http redirects to https. I'll have to try and split the certificate and try Firefox again.
Don't tell me this behaviour is normal for a katello server...
Updated by Kent Knudsen over 7 years ago
Daniel Lobato Garcia wrote:
Have you tried different browsers? For some reason I also get a similar error on Firefox but not on Chrome. Note you have to split the certificate given from Katello in order to import it properly (https://theforeman.org/plugins/katello/nightly/troubleshooting/index.html#debug-certificate).
Are the repositories available to yum/dnf, or they are only unavailable via https checking with a browser?
Great. The split certificate now works with Firefox on https.
Thanks Daniel for the guidance
Updated by Eric Helms over 7 years ago
- Status changed from New to Resolved
- Translation missing: en.field_release set to 166