Is it possible to revert back to the default self signed certs and try re-installing the custom signed certs?
If not I need some guidance on how to troubleshoot this issue or should I be opening a bug? On Tuesday, 28 February 2017 11:07:38 UTC-7, Edward Clay wrote: > > Hello, I've run into an issue where after upgrading a working katello 3.2 > system to 3.3 I get the following error when attempting to publish a > content view. > > There was an issue with the backend service pulp: SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify failed > > > When the system was running katello 3.2 I rand the following to get the > custom signed ssl certs to work. > > foreman-installer --scenario katello --certs-server-cert > /etc/pki/tls/certs/il-foreman1_slc_westdc_net.crt --certs-server-cert-req > /etc/pki/tls/private/il-foreman1.slc.westdc.net.csr --certs-server-key > /etc/pki/tls/private/il-foreman1.slc.westdc.net.key --certs-server-ca-cert > /etc/pki/tls/certs/comodo-ca-bundle.crt --certs-server-ca-name comodo-ca > --certs-update-server --certs-update-server-ca > > To fix problems with candlepin I did the following found via > http://projects.theforeman.org/issues/16620 > > Copy /root/ssl-build/katello-default-ca.crt to > /etc/pki/ca-trust/source/anchors/ and rebuild the openssl ca certs with > update-ca-trust. Due to chicken-and-egg issue, this may prevent a clean > install using custom certs. After performing these steps, re-run the > installer. It should complete correctly the second time through. > > I've attempted both of theses steps along with the second fix on the above > url for issue 16620 without any success. I see the following details in > the /etc/foreman/plugins/katello.yaml > > ### File managed with puppet ### > ## Module: puppet-katello > > :katello: > :rest_client_timeout: 3600 > > :post_sync_url: > https://il-foreman1.domain.net/katello/api/v2/repositories/sync_complete?token=gQ7efFZPwo8oWXg9abmdG3v8gkY29fcs > > :candlepin: > :url: https://il-foreman1.domain.net:8443/candlepin > :oauth_key: katello > :oauth_secret: qXZyiEhe8WqoCeTtPJqhpUGCPV65GmeL > :ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt > > :pulp: > :url: https://il-foreman1.domain.net/pulp/api/v2/ > :oauth_key: katello > :oauth_secret: qXZyiEhe8WqoCeTtPJqhpUGCPV65GmeL > :ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt > > :qpid: > :url: amqp:ssl:localhost:5671 > :subscriptions_queue_address: katello_event_queue > > I'm not sure what additional information to provide to help identify the > problem here. Any ideas what to try/do next? > > Thanks > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
