Problem:
There is an issue when trying to use an external certificate.
When using the katello-certs-check command:
[root@satellite-server SSL-CERT]# katello-certs-check -c fullchain.crt -k privatekey -b CSR
Checking server certificate encoding:
[OK]
unable to load certificate
140677509474112:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
date: invalid date ‘+%Y%m%d%H%M%S’
Checking expiration of certificate:
[OK]
Checking expiration of CA bundle:
[FAIL]
The CA bundle "/root/SSL-CERT/CSR" has already expired on:
Checking if server certificate has CA:TRUE flag
[OK]
Checking for private key passphrase:
[OK]
Checking to see if the private key matches the certificate:
[OK]
Checking CA bundle against the certificate file:
[FAIL]
The /root/SSL-CERT/CSR does not verify the /root/SSL-CERT/fullchain.crt
Error loading file /root/SSL-CERT/CSR
Checking CA bundle size: 1
[OK]
Checking Subject Alt Name on certificate
[OK]
Checking if any Subject Alt Name on certificate matches the Subject CN
[OK]
Checking Key Usage extension on certificate for Key Encipherment
[OK]
Checking for use of shortname as CN
[OK]
Expected outcome:
Use an external SSL certificate on the server.
Foreman and Proxy versions:
Foreman 3.5 and Katello 4.7
Distribution and version:
Rocky Linux release 8.7 (Green Obsidian)
Other relevant data:
When running the foreman-installer command:
[root@satellite-server SSL-CERT]# foreman-installer --scenario katello --certs-server-cert "fullchain.crt" --certs-server-key "privatekey" --certs-server-ca-cert "CSR" --certs-update-server --certs-update-server-ca
2023-03-30 01:52:44 [NOTICE] [root] Loading installer configuration. This will take some time.
2023-03-30 01:52:47 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2023-03-30 01:52:47 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2023-03-30 01:52:49 [ERROR ] [root] Parameter certs-server-cert invalid: fullchain.crt is not one of regexes matching /\A(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+)).*\z/ or regexes matching /\A\/([^\n\/\0]+\/*)*\z/
2023-03-30 01:52:49 [ERROR ] [root] Parameter certs-server-key invalid: privatekey is not one of regexes matching /\A(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+)).*\z/ or regexes matching /\A\/([^\n\/\0]+\/*)*\z/
2023-03-30 01:52:49 [ERROR ] [root] Parameter certs-server-ca-cert invalid: CSR is not one of regexes matching /\A(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+)).*\z/ or regexes matching /\A\/([^\n\/\0]+\/*)*\z/
Error during configuration, exiting
The same issue occurs when trying to use an external certificate during both a fresh install and post-install of Foreman.
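
An added example, not part of the original post and not Foreman or Katello code: a pre-flight check for the two conditions the output above rejects, a -b file that does not load as a PEM certificate and installer values that fail the absolute-path regex. The function names are hypothetical, and the check only reads the first PEM header of each file; it does not validate the chain or expiry.

```sh
# Added example (hypothetical helper names): pre-flight checks for the files
# passed to katello-certs-check and foreman-installer.

# Classify a file by the label of its first PEM "BEGIN" line.
pem_kind() {
    pk_label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    case "$pk_label" in
        "CERTIFICATE"|"TRUSTED CERTIFICATE") echo certificate ;;
        "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST") echo csr ;;
        "PRIVATE KEY"|"RSA PRIVATE KEY"|"EC PRIVATE KEY") echo private-key ;;
        "ENCRYPTED PRIVATE KEY") echo encrypted-private-key ;;
        *) echo unknown ;;
    esac
}

# The installer log above rejects values that do not match an absolute-path regex.
is_absolute() { case "$1" in /*) return 0 ;; *) return 1 ;; esac; }

# check_role ROLE EXPECTED_KIND PATH: print each problem, return the problem count.
check_role() {
    cr_problems=0
    if ! is_absolute "$3"; then
        echo "$1: '$3' is not an absolute path"
        cr_problems=$((cr_problems + 1))
    fi
    if [ ! -r "$3" ]; then
        echo "$1: '$3' is not readable"
        return $((cr_problems + 1))
    fi
    cr_kind=$(pem_kind "$3")
    if [ "$cr_kind" != "$2" ]; then
        echo "$1: expected $2, found $cr_kind"
        cr_problems=$((cr_problems + 1))
    fi
    return "$cr_problems"
}

# preflight CERT KEY CA_BUNDLE: non-zero if any file fails its checks.
preflight() {
    pf_failed=0
    check_role "server certificate" certificate "$1" || pf_failed=1
    check_role "private key" private-key "$2" || pf_failed=1
    check_role "CA bundle" certificate "$3" || pf_failed=1
    return "$pf_failed"
}

# Run directly with three arguments: CERT KEY CA_BUNDLE
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A file that starts with a CERTIFICATE REQUEST header is reported as `csr`, so a signing request passed where the CA bundle belongs is caught before the installer runs.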