Bug #35296: Need to be able to provide custom cert for ISS for Red Hat CDN - Katello - Foreman

Actions

Copy link

Bug #35296

closed

Need to be able to provide custom cert for ISS for Red Hat CDN

Added by Partha Aji over 1 year ago. Updated over 1 year ago.

Status:

Closed

Priority:

Normal

Assignee:

Partha Aji

Category:

Inter Server Sync

Target version:

Katello 4.7.0

Difficulty:

Triaged:

Yes

Bugzilla link:

2112098

Pull request:

https://github.com/Katello/katello/pull/10217, https://github.com/Katello/hammer-cli-katello/pull/860

Fixed in Releases:

Katello 4.7.0

Found in Releases:

Red Hat JIRA:

Description

Description of problem:

Assume we have an Upstream HTTP Server that is serving the extracted CDN ISO content and a Downstream Server that can only talk to that http server.

We need to be able specify custom ca cert (or ca credential) when we change the RedHat CDN url to the upstream url.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Get a content iso extracted in /var/www/html/pub/<myrepo> on some other box
2. Go to Subscriptions => Manage Manifest
3. Change the redhat cdn url to https://<fqdn>/pub/<myrepo>. Notice that you cannot specify the cert in this tab.
4. Go to Redhat Repositories and try expanding the available repositories.

Actual results:

You should get an error along the lines of
2022-07-28T18:01:33 [I|app|37e3cb19] CDN: Requesting path https://<webserver>:443/pub/repos/content/dist/rhel/server/7/listing
/opt/rh/rh-ruby27/root/usr/share/ruby/net/protocol.rb:44: warning: exception in verify_callback is ignored
2022-07-28T18:01:33 [E|app|37e3cb19] Failed at scanning for repository: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)

Expected results:

Ability to see enabled repos from the store.

We may also need to be able to set a SSL CA Credential on the Manage Manifests.