Project

General

Profile

Actions
Copy link

Bug #20054

closed

katello-certs-check does not check server certificate's encoding

Added by Russell Dickenson over 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Russell Dickenson
Category:
Installer
Target version:
Katello 3.4.6
Difficulty:
easy
Triaged:
Bugzilla link:
1463018
Pull request:
https://github.com/Katello/katello-installer/pull/528, https://github.com/Katello/katello-installer/pull/587, https://github.com/Katello/katello-installer/pull/606
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Clone from RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1463018

Description of problem: The Bash script `katello-certs-check` does not verify server's certificate is PEM encoded, resulting in failure to install the certificate.

How reproducible: Every time.

Steps to Reproduce:
1. Generate an SSL certificate for the Satellite Server.
2. Convert it into DER format.
3. Install the certificate (in DER encoding) in Satellite.

Actual results: Instances of the following errors appear in log file /var/log/foreman-proxy/proxy.log:
-----
OpenSSL::SSL:SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
-----

Expected results: The custom SSL certificate is installed successfully.

Actions
Copy link

Also available in: Atom PDF