don't put certificate metadata in PEM files
"The final conversion output shouldn’t contain anything apart from the encoded key and certificates. Although some tools are smart enough to ignore what isn’t needed, other tools are not. Leaving extra data in PEM files might result in problems that are difficult to troubleshoot." from OpenSSL Cookbook .
#1 Updated by Alex Wood over 4 years ago
Affected certs can be found by searching for words like "Signature" or "Validity"
[root@katello-centos6-2 katello]# grep -r -l 'Signature' /etc/pki/katello/ /etc/pki/katello/certs/katello-apache.crt /etc/pki/katello/certs/java-client.crt /etc/pki/katello/certs/katello-centos6-2.0.example.com-qpid-broker.crt /etc/pki/katello/certs/katello-default-ca.crt /etc/pki/katello/qpid_client_striped.crt