Unable to register hosts after uploading custom certificate

Problem:
Unable to register hosts after uploading custom certificate
Expected outcome:
successfully register to Foreman/Katello
Foreman and Proxy versions:
3.6.1
Foreman and Proxy plugin versions:
3.6.1 / katello 4.8
Distribution and version:
RHEL 8
Other relevant data:
Getting following error when running registration curl script on hosts after uploading with custom certificate:

Running registration

Loaded plugins: fastestmirror, product-id, search-disabled-repos, subscription-
: manager
Error loading certificate: [Errno 2] No such file or directory: ‘/etc/pki/consumer/cert.pem’
Loading mirror speeds from cached hostfile

Hi @ericville

On the client there should be this CA /etc/rhsm/ca/katello-server-ca.pem can you run openssl x509 -in /etc/rhsm/ca/katello-server-ca.pem -noout -text and confirm if that matches the new custom cert and ca you have updated the Foreman instance with?

@ericville Could you tell us more about what you did? I’m experiencing a similar problem.

Today I’ve updated the Apache web server certificate (on the foreman server). After oing that I’ve noticed that some VM registered to Foreman server are unable to register or do a yum repolist

I ran the command and it does not look like the certificates match, however I did enable “Insecure” when generating the curl script for registration, so I would think that shouldn’t matter.
I’m also getting the following error as well -

Error loading certificate: [Errno 2] No such file or directory: ‘/etc/pki/consumer/cert.pem’

If I remove the certificates and use the self signed, then I’m able to register successfully.

Thanks,

@atarallo
I followed the documentation on deploying a custom certificate to foreman server, and am now unable to register any hosts, where I was able to when using the self signed cert.
Not sure if there is another step I’m missing…

Also when following the steps in the documentation to deploy the custom certificate to hosts, and running the ““yum install http://foreman.example.com/pub/katello-ca-consumer-latest.noarch.rpm”” command, I get the following error:
Error loading certificate: [Errno 2] No such file or directory: ‘/etc/pki/consumer/cert.pem’

@ericville

On the client can you email me the /var/log/rhsm.log file and output of ls /etc/pki/consumer/ to chrobert@redhat.com so I can look at the rhsm client log?

just emailed the log to you, and the ls command showed the /etc/pki/consumer/ directory as empty.

Thanks,

Finally got this working. Was a bad custom certificate.

Thanks,

Hey @ericville

Sorry for the delay, I have been out sick this week. I just got back this morning and was testing it. Glad you got it figured out. I will stop my investigation and again sorry for the delay.

1 Like