Hello,
I am having issues joining a server to our Katello server.
I receive the following error:
Unable to verify server's identity: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1
alert unknown ca (_ssl.c:579)
I am running Katello 3.4 on CentOS 7.4. The server I am trying to joing the
Katello server to is also a CentOS 7.4 server.
I am guessing this is an SSL cert error, but I'm not sure how I could be
getting this since I am using the cert provided by the Katello server
itself.
Any ideas? Any help would be greatly appreciated. Thank you.
Hello,
the error message says it all. Your client does not know server's certificate. Import it, it's available in http://katello/pub for download.
LZ
--
Later,
Lukas @lzap Zapletal
the error message says it all. Your client does not know server's certificate. Import it, it's available in http://katello/pub for download.
LZ
···
On Tue, Dec 5, 2017 at 1:58 AM, Philippe Conway <philippe.conway@gmail.com> wrote:Hello,
I am having issues joining a server to our Katello server.
I receive the following error:
Unable to verify server's identity: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1
alert unknown ca (_ssl.c:579)
I am running Katello 3.4 on CentOS 7.4. The server I am trying to joing the
Katello server to is also a CentOS 7.4 server.
I am guessing this is an SSL cert error, but I'm not sure how I could be
getting this since I am using the cert provided by the Katello server
itself.
Any ideas? Any help would be greatly appreciated. Thank you.
--
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
--
Later,
Lukas @lzap Zapletal
Hi Lukas,
I have imported my Cert located in http://katello/pub, however I am still getting the same error. Any other ideas? Is it possible to regenerate the cert?
I have imported my Cert located in http://katello/pub, however I am still getting the same error. Any other ideas? Is it possible to regenerate the cert?
···
On Tuesday, December 5, 2017 at 12:44:52 AM UTC-8, Lukas Zapletal wrote:
Hello,
the error message says it all. Your client does not know server's
certificate. Import it, it's available in http://katello/pub for
download.
LZ
On Tue, Dec 5, 2017 at 1:58 AM, Philippe Conway > <philipp...@gmail.com <javascript:>> wrote:
Hello,
I am having issues joining a server to our Katello server.
I receive the following error:
Unable to verify server's identity: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1
alert unknown ca (_ssl.c:579)
I am running Katello 3.4 on CentOS 7.4. The server I am trying to joing
the
Katello server to is also a CentOS 7.4 server.
I am guessing this is an SSL cert error, but I'm not sure how I could be
getting this since I am using the cert provided by the Katello server
itself.
Any ideas? Any help would be greatly appreciated. Thank you.
--
You received this message because you are subscribed to the Google
Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to foreman-user...@googlegroups.com <javascript:>.
To post to this group, send email to forema...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
--
Later,
Lukas @lzap Zapletal
So I actually went ahead and regenerated the certs on the Katello server.
However, I am still getting the same error. :(
···
On Tuesday, December 5, 2017 at 9:19:35 AM UTC-8, Philippe Conway wrote:
Hi Lukas,
I have imported my Cert located in http://katello/pub, however I am still
getting the same error. Any other ideas? Is it possible to regenerate the
cert?
On Tuesday, December 5, 2017 at 12:44:52 AM UTC-8, Lukas Zapletal wrote:
Hello,
the error message says it all. Your client does not know server's
certificate. Import it, it's available in http://katello/pub for
download.
LZ
On Tue, Dec 5, 2017 at 1:58 AM, Philippe Conway >> <philipp...@gmail.com> wrote:
Hello,
I am having issues joining a server to our Katello server.
I receive the following error:
Unable to verify server's identity: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1
alert unknown ca (_ssl.c:579)
I am running Katello 3.4 on CentOS 7.4. The server I am trying to joing
the
Katello server to is also a CentOS 7.4 server.
I am guessing this is an SSL cert error, but I'm not sure how I could
be
getting this since I am using the cert provided by the Katello server
itself.
Any ideas? Any help would be greatly appreciated. Thank you.
--
You received this message because you are subscribed to the Google
Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to foreman-user...@googlegroups.com.
To post to this group, send email to forema...@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
--
Later,
Lukas @lzap Zapletal
Philippe,
Can you go over the steps you are using to setup the client?
-John
John Mitsch
Red Hat Engineering
(860)-967-7285
irc: jomitsch
Can you go over the steps you are using to setup the client?
-John
John Mitsch
Red Hat Engineering
(860)-967-7285
irc: jomitsch
···
On Tue, Dec 5, 2017 at 2:50 PM, Philippe Conway <philippe.conway@gmail.com> wrote:So I actually went ahead and regenerated the certs on the Katello server.
However, I am still getting the same error. :(
On Tuesday, December 5, 2017 at 9:19:35 AM UTC-8, Philippe Conway wrote:
Hi Lukas,
I have imported my Cert located in http://katello/pub, however I am
still getting the same error. Any other ideas? Is it possible to regenerate
the cert?
On Tuesday, December 5, 2017 at 12:44:52 AM UTC-8, Lukas Zapletal wrote:
Hello,
the error message says it all. Your client does not know server's
certificate. Import it, it's available in http://katello/pub for
download.
LZ
On Tue, Dec 5, 2017 at 1:58 AM, Philippe Conway >>> <philipp...@gmail.com> wrote:
Hello,
I am having issues joining a server to our Katello server.
I receive the following error:
Unable to verify server's identity: [SSL: TLSV1_ALERT_UNKNOWN_CA]
tlsv1
alert unknown ca (_ssl.c:579)
I am running Katello 3.4 on CentOS 7.4. The server I am trying to
joing the
Katello server to is also a CentOS 7.4 server.
I am guessing this is an SSL cert error, but I'm not sure how I could
be
getting this since I am using the cert provided by the Katello server
itself.
Any ideas? Any help would be greatly appreciated. Thank you.
--
You received this message because you are subscribed to the Google
Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to foreman-user...@googlegroups.com.
To post to this group, send email to forema...@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
--
Later,
Lukas @lzap Zapletal
--
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
Hi John,
I download and installed the cert from the Katello server:
wget -O /tmp/katello-ca-consumer-latest.noarch.rpm http:
//katello/pub/katello-ca-consumer-latest.noarch.rpm
yum -y localinstall /tmp/katello-ca-consumer-latest.noarch.rpm
Then I attempt to join the client to the Katello server:
subscription-manager register --org="Default_Organization" --activationkey= "Base_Key_C7" --force
Both the Katello server and Client are running CentOS 7.4
I download and installed the cert from the Katello server:
wget -O /tmp/katello-ca-consumer-latest.noarch.rpm http:
//katello/pub/katello-ca-consumer-latest.noarch.rpm
yum -y localinstall /tmp/katello-ca-consumer-latest.noarch.rpm
Then I attempt to join the client to the Katello server:
subscription-manager register --org="Default_Organization" --activationkey= "Base_Key_C7" --force
Both the Katello server and Client are running CentOS 7.4
···
On Tuesday, December 5, 2017 at 1:56:05 PM UTC-8, John Mitsch wrote:
Philippe,
Can you go over the steps you are using to setup the client?
-John
John Mitsch
Red Hat Engineering
(860)-967-7285
irc: jomitsch
On Tue, Dec 5, 2017 at 2:50 PM, Philippe Conway <philipp...@gmail.com > <javascript:>> wrote:
So I actually went ahead and regenerated the certs on the Katello server.
However, I am still getting the same error. :(
On Tuesday, December 5, 2017 at 9:19:35 AM UTC-8, Philippe Conway wrote:
Hi Lukas,
I have imported my Cert located in http://katello/pub, however I am
still getting the same error. Any other ideas? Is it possible to regenerate
the cert?
On Tuesday, December 5, 2017 at 12:44:52 AM UTC-8, Lukas Zapletal wrote:
Hello,
the error message says it all. Your client does not know server's
certificate. Import it, it's available in http://katello/pub for
download.
LZ
On Tue, Dec 5, 2017 at 1:58 AM, Philippe Conway >>>> <philipp...@gmail.com> wrote:
Hello,
I am having issues joining a server to our Katello server.
I receive the following error:
Unable to verify server's identity: [SSL: TLSV1_ALERT_UNKNOWN_CA]
tlsv1
alert unknown ca (_ssl.c:579)
I am running Katello 3.4 on CentOS 7.4. The server I am trying to
joing the
Katello server to is also a CentOS 7.4 server.
I am guessing this is an SSL cert error, but I'm not sure how I could
be
getting this since I am using the cert provided by the Katello server
itself.
Any ideas? Any help would be greatly appreciated. Thank you.
--
You received this message because you are subscribed to the Google
Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it,
send an
email to foreman-user...@googlegroups.com.
To post to this group, send email to forema...@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
--
Later,
Lukas @lzap Zapletal
--
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-user...@googlegroups.com <javascript:>.
To post to this group, send email to forema...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
I ran into this issue just today and I thought it was unusual because the operation you’re describing is something I do regularly. Surely the problem must be with me, right?
After troubleshooting I was able to work around the problem by doing a subscription-manager clean prior to the registration command. I suppose that something (server CA) put in place by the previous registration (or the previous katello-ca-consumer RPM) was left lingering around.
You’ve probably worked around the problem by now but I’d be curious to hear how you did so, and if you came to the same conclusion that I did.
Jonathon
3 Likes
Sorry. I just saw this. I came across a RedHat post that mentioned doing the subscription-manager clean as well. That also worked for me.
1 Like