Project

General

Profile

Actions

Bug #32624

closed

Client receives 403 forbidden when fetching RHEL content when using custom certificates

Added by Eric Helms about 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Category:
Repositories
Target version:
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

Discord thread: https://community.theforeman.org/t/errno-14-https-error-403-forbidden-redhat-repositories-only/21041

Katello is still using its self-signed default CA to distribute entitlement certificates. This is expected.

However, pulpcore certguard has the wrong CA configured in its database - it has picked up the Server CA, which should only be used for clients to authenticate the server certificate.

Updating the content of ca_certificate in pulpcore:certguard_rhsmcertguard fixes the issue and allows clients to access the repo.

psql -d pulpcore
pulpcore=# \set content `cat /etc/pki/katello/certs/katello-default-ca-stripped.crt``
pulpcore=# update certguard_rhsmcertguard SET ca_certificate = :'content' ;

Related issues 1 (0 open1 closed)

Related to Katello - Bug #32784: Error: undefined methodpulp_href’ for nil:NilClass` when syncing capsuleClosedJustin SherrillActions
Actions #1

Updated by Eric Helms about 3 years ago

  • Bugzilla link set to 1961886
Actions #2

Updated by Eric Helms about 3 years ago

The certificate does not get updated if it changes automatically and this will need to be fixed in addition.

Actions #3

Updated by Eric Helms about 3 years ago

  • Status changed from Assigned to New
  • Assignee deleted (Eric Helms)
Actions #4

Updated by Eric Helms about 3 years ago

  • Description updated (diff)
Actions #5

Updated by Justin Sherrill about 3 years ago

  • Project changed from Installer to Katello
Actions #6

Updated by Chris Roberts about 3 years ago

  • Category set to Repositories
  • Assignee set to Justin Sherrill
  • Target version set to Katello 4.0.2
  • Triaged changed from No to Yes
Actions #7

Updated by Chris Roberts about 3 years ago

  • Status changed from New to Ready For Testing
Actions #8

Updated by The Foreman Bot about 3 years ago

  • Pull request https://github.com/Katello/katello/pull/9381 added
Actions #9

Updated by The Foreman Bot about 3 years ago

  • Fixed in Releases Katello 4.2.0 added
Actions #10

Updated by Justin Sherrill about 3 years ago

  • Status changed from Ready For Testing to Closed
Actions #11

Updated by Justin Sherrill about 3 years ago

  • Related to Bug #32784: Error: undefined methodpulp_href’ for nil:NilClass` when syncing capsule added
Actions

Also available in: Atom PDF