Ubuntu import CA

Is there any information on how to import the katello-ca-consumer to a Ubuntu instance?

Something like wget --no-check-certificate https://foreman.host.net/pub/katello-server-ca.crt | sudo apt-key add - fails with gpg: no valid OpenPGP data found.

Expected outcome:
Able to import ca certificate for provisioning.

Foreman and Proxy versions:
Forman version 2.3.3
Katello 3.18

Distribution and version:
Centos 7
Ubuntu 20.04

To clarify if i run:
subscription-manager register --org=“Default_Organization” --activationkey=“Ubuntu 20.04”

Then i get the error:
Unable to verify server’s identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1123)

Which means that the CA certificate is not installed, I tried putting the katello-ca cert in /usr/local/share/ca-certificates/ then run sudo update-ca-certificates but it’s still not used when running subscription-manager

Hi @pqvindesland !

The /content_hosts/register page on your Katello instance has some special instructions for Deb/Ubuntu that you should try out:

wget --no-check-certificate -O katello-rhsm-consumer https://katello.example.com/pub/katello-rhsm-consumer
/bin/bash -x katello-rhsm-consumer 2< /root/katello-rhsm-consumer.log

Hopefully that’ll do the trick for you.

Many thanks that worked, I had a look and those instructions are not there on Foreman 2.3.3, is that included in 2.4.0?

You’re welcome! My apologies, I forgot those steps were so new. They should be in Foreman 2.4 / Katello 4.0

Glad it’s working now :slight_smile:

1 Like