Bug #32624

Updated by Eric Helms over 2 years ago

Discord thread: 

 Katello is still using its self-signed default CA to distribute entitlement certificates. This is expected. 

 However, pulpcore certguard has the wrong CA configured in its database - it has picked up the Server CA, which should only be used for clients to authenticate the server certificate. 

 Updating the content of ca_certificate in pulpcore:certguard_rhsmcertguard fixes the issue and allows clients to access the repo. 

 psql -d pulpcore 
 pulpcore=# \set content `cat cat /etc/pki/katello/certs/katello-default-ca-stripped.crt`` 
 pulpcore=# update certguard_rhsmcertguard SET ca_certificate = :'content' ;