Project

General

Profile

Actions
Copy link

Bug #32624

closed

Client receives 403 forbidden when fetching RHEL content when using custom certificates

Added by Eric Helms over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Justin Sherrill
Category:
Repositories
Target version:
Katello 4.0.2
Difficulty:
Triaged:
Yes
Bugzilla link:
1961886
Pull request:
https://github.com/Katello/katello/pull/9381
Fixed in Releases:
Katello 4.2.0
Found in Releases:
Red Hat JIRA:

Description

Discord thread: https://community.theforeman.org/t/errno-14-https-error-403-forbidden-redhat-repositories-only/21041

Katello is still using its self-signed default CA to distribute entitlement certificates. This is expected.

However, pulpcore certguard has the wrong CA configured in its database - it has picked up the Server CA, which should only be used for clients to authenticate the server certificate.

Updating the content of ca_certificate in pulpcore:certguard_rhsmcertguard fixes the issue and allows clients to access the repo.

psql -d pulpcore
pulpcore=# \set content `cat /etc/pki/katello/certs/katello-default-ca-stripped.crt``
pulpcore=# update certguard_rhsmcertguard SET ca_certificate = :'content' ;

Related issues 1 (0 open1 closed)

Related to Katello - Bug #32784: Error: undefined methodpulp_href’ for nil:NilClass` when syncing capsuleClosedJustin SherrillActions
Actions
Copy link

Also available in: Atom PDF