Project

General

Profile

Actions

Bug #9093

closed

Foreman client cert needs deploying to Capsules

Added by Stephen Benjamin over 9 years ago. Updated almost 6 years ago.

Status:
Duplicate
Priority:
Normal
Category:
Installer
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

settings.yml for the foreman proxy needs separate certificates to talk to Foreman as a client (luckily we create the RPM and it even ends up on the capsule, we just don't do anything with it).

Otherwise when using the templates plugin, proxy can't request it over SSL as it's Proxy certificate is only a Server certificate.

SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:unsupported certificate
SSL_connect:failed in SSLv3 read server session ticket A
139936624129864:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert unsupported certificate:s3_pkt.c:1257:SSL alert number 43
139936624129864:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:

Related issues 2 (1 open1 closed)

Related to Katello - Tracker #8172: Isolate Client Communication through a CapsuleNew

Actions
Blocks Katello - Feature #8991: Support templates plugin in CapsuleClosedStephen Benjamin01/16/2015Actions
Actions

Also available in: Atom PDF