On Monday, September 19, 2016 at 6:25:04 AM UTC-5, [email protected] wrote: This issue still exists for Katello 3.1. Without the workaround mentioned by Claran, it's not possible to use custom SSL certificates for katello.
I too have run into this issue. Copying the default-ca into the system trust seems to address the issue. Unfortunately I believe the smart proxy installer is similarly broken. It is unable to complete install using a custom cert for capsule.acme.com. [ INFO 2016-09-19 11:33:26 verbose] Class[Foreman_proxy::Register]: Scheduling refresh of Foreman_smartproxy[capsule.acme.com] [ERROR 2016-09-19 11:33:26 verbose] Proxy capsule.acme.com cannot be registered: Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Un able to detect features ([RestClient::SSLCertificateNotVerified]: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verif...) for pr oxy https://capsule.acme.com:9090/features Please check the proxy is configured and running on the host. [ INFO 2016-09-19 11:33:26 verbose] /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:23:in `create' Adding the katello-default-ca to the system store does not address the problem. The capsule's proxy log shows a client ca issue. E, [2016-09-19T11:33:26.811258 #9849] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca /usr/share/ruby/openssl/ssl.rb:226:in `accept' -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
