Actions
Bug #30754
openKatello install with custom CA fails to verify the full CA chain
Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Description
When attempting a new katello install with custom CA, Smart Proxy breaks. I have also tried completing basic katello install without custom certs which does install successfully, however, later updating the certs with custom CA also breaks the Smart Proxy. In both scenarios, after installing certs from custom CA, the websocket/web-console has a "good" certificate and works as expected, however, smart proxy is broken.
Commands being run:
- katello-certs-check -c /root/certs/myserver.crt -k /root/certs/myserver-d.key -b /etc/pki/tls/certs/ROOTCA-CA_2019.crt
- foreman-installer --scenario katello \
--certs-server-cert "/root/certs/myserver.crt" \
--certs-server-key "/root/certs/myserver-d.key" \
--certs-server-ca-cert "/etc/pki/tls/certs/ROOTCA-CA_2019.crt" \
--certs-update-server --certs-update-server-ca -v
katello.log attached. Note, the log has been lightly edited to remove any personal data.
You can find more back-story here:
https://community.theforeman.org/t/certificate-setup-failure-with-custom-ca/20190/13?u=barn
Files
Actions