Bug #31234

Users have to delete ssl-build/<capsule> directory and regenerate the certificates to add a cname in capsule certificates

Added by Eric Helms over 2 years ago. Updated over 2 years ago.

foreman-installer script
Target version:
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:


Cloned from

Description of problem:
Satellite 6.8 capsule-certs-generate does not include cname in apache certificates when specified via --foreman-proxy-cname'

Version-Release number of selected component (if applicable):
Satellite 6.8.0

How reproducible:

Steps to Reproduce:
1. Setup: 1 Sattelite and 2 capsules(puppet ca capsule + normal capsule) with a loadbalancer and a client
2. Referring to (4.2)

Actual results:
Client is not able to register through subscription-manager. Resulting in "Unable to reach the server at <>:8443/rhsm"

Expected results:
Client should be able to register through subscription-manager via loadbalancer

Additional info:
1. The certs on the capsules are missing the CNAME, which subscription-manager needs to register properly through the LB + capsule.
While viewing the cert with openssl, there is no DNS entry related to the loadbalancer. Unlike in 6.7 where it worked fine.

2. Please note the puppet command
#puppet cert generate is no longer functional.
Use `#puppetserver ca` instead

Associated revisions

Revision 8b9d3928 (diff)
Added by Eric Helms over 2 years ago

Fixes #31234: Create new certificate bundle everytime

The first time a certificate bundle is created for a foreman proxy
any updates a user wishes to make are not reflected in the bundle
unless the user deletes it on disk or explicitly passes --certs-regenerate.
Given the foreman-proxy-certs-generate command is intended for
users to generate bundles for a foreman-proxy, this bundle should
be generated, with updates, anytime a user runs the command. This
enables that change by setting regenerate to true as the default.


#1 Updated by The Foreman Bot over 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request added

#2 Updated by The Foreman Bot over 2 years ago

  • Fixed in Releases 2.4.0 added

#3 Updated by Eric Helms over 2 years ago

  • Status changed from Ready For Testing to Closed

#4 Updated by Tomer Brisker over 2 years ago

  • Fixed in Releases 2.3.0 added
  • Fixed in Releases deleted (2.4.0)

#5 Updated by Ewoud Kohl van Wijngaarden over 2 years ago

  • Triaged changed from No to Yes
  • Target version set to 2.3.0
  • Category set to foreman-installer script

Also available in: Atom PDF