Bug #32624

Updated by Eric Helms almost 3 years ago

Discord thread: https://community.theforeman.org/t/errno-14-https-error-403-forbidden-redhat-repositories-only/21041 

 <pre> 
 Katello is still using its self-signed default CA to distribute entitlement certificates. This is expected. 

 However, pulpcore certguard has the wrong CA configured in its database - it has picked up the Server CA, which should only be used for clients to authenticate the server certificate. 

 Updating the content of ca_certificate in pulpcore:certguard_rhsmcertguard fixes the issue and allows clients to access the repo. 

 psql -d pulpcore 
 pulpcore=# \set content `cat /etc/pki/katello/certs/katello-default-ca-stripped.crt` 
 pulpcore=# update certguard_rhsmcertguard SET ca_certificate = :'content' ; 
 </pre>
