Satellite 6 Certificate Locations and Configurations
Updated
- Introduction
- Certificate files
2.1. Satellite Server
2.2. Capsule Server
2.3. Registered Client - Other related files
1. Introducion
- In the way to understand better how works the certificates on Satellite implementation, below we are presenting the
Service,Ports,Config Filesrelated to andCertification Locations. - For more KB articles/solutions related to Red Hat Satellite 6.x SSL Certificates Issues, please refer to the Consolidated Troubleshooting Article for Red Hat Satellite 6.x SSL Certificates Issues
2. Certificate files
2.1. Satellite Server
| Service | Port | Config File | Cert Location |
|---|---|---|---|
| Apache | 443 | /etc/httpd/conf.d/05-foreman.conf | |
| /etc/pki/katello/certs/katello-apache.crt | |||
| /etc/pki/katello/private/katello-apache.key | |||
| /etc/pki/katello/certs/katello-server-ca.crt | |||
| /etc/pki/katello/certs/katello-default-ca.crt | |||
| Tomcat | 23443 & 61613 | /etc/candlepin/candlepin.conf and /etc/tomcat/server.xml | |
| /root/ssl-build/katello-default-ca.key | |||
| /etc/candlepin/certs/keystore | |||
| /etc/candlepin/certs/keystore_password-file | |||
| /etc/candlepin/certs/truststore | |||
| /etc/candlepin/certs/truststore_password-file | |||
| /etc/candlepin/certs/amqp/candlepin.jks | |||
| Foreman Proxy | 9090 | /etc/foreman-proxy/settings.yml | |
| /etc/foreman-proxy/ssl_ca.pem | |||
| /etc/foreman-proxy/ssl_cert.pem | |||
| /etc/foreman-proxy/ssl_key.pem | |||
| Puppetserver | 8140 | /etc/puppetlabs/puppetserver/conf.d/webserver.conf | |
| /etc/puppetlabs/puppet/ssl/certs/*.pem | |||
| /etc/puppetlabs/puppet/ssl/private_keys/*.pem | |||
| /etc/puppetlabs/puppet/ssl/public_keys/*.pem | |||
| /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem |
2.2 Capsule Server
| Service | Port | Config File | Cert Location |
|---|---|---|---|
| foreman-proxy -> foreman | 443 | /etc/foreman-proxy/settings.yml | |
| /etc/foreman-proxy/foreman_ssl_cert.pem | |||
| /etc/foreman-proxy/foreman_ssl_key.pem | |||
| /etc/foreman-proxy/foreman_ssl_ca.pem | |||
| /etc/pki/katello/private/*-foreman-proxy-client-bundle.pem | |||
| foreman -> foreman-proxy | 9090 | /etc/foreman/settings.yml | |
| /etc/foreman/client_cert.pem | |||
| /etc/foreman/client_key.pem | |||
| /etc/foreman/proxy_ca.pem | |||
| puppetserver -> foreman | 443 | /etc/puppetlabs/puppet/foreman.yaml | |
| /etc/pki/katello/puppet/puppet_client.crt | |||
| /etc/pki/katello/puppet/puppet_client.key | |||
| /etc/pki/katello/puppet/puppet_client_ca.crt |
2.3 Registered Client
| Service | Port | Config File | Cert Location |
|---|---|---|---|
| subscription-manager | /etc/rhsm/rhsm.conf | ||
| /etc/pki/product/*.pem | |||
| /etc/pki/entitlement/*.pem | |||
| /etc/rhsm/ca/redhat-uep.pem | |||
| /etc/rhsm/ca/redhat-entitlement-authority.pem | |||
| /etc/rhsm/ca/katello-default-ca.pem | |||
| /etc/rhsm/ca/katello-server-ca.pem | |||
| /etc/pki/consumer/bundle.pem | |||
| /etc/pki/consumer/key.pem | |||
| /etc/pki/consumer/cert.pem | |||
| yum | /etc/yum.repos.d/redhat.repo | ||
| /etc/pki/entitlement/*.pem | |||
| /etc/rhsm/ca/katello-server-ca.pem | |||
| puppet | /etc/puppetlabs/puppet/puppet.conf | ||
| /etc/puppetlabs/puppet/ssl/certs/ca.pem | |||
| /etc/puppetlabs/puppet/ssl/certs/*.pem | |||
| /etc/puppetlabs/puppet/ssl/public_keys/*.pem | |||
| /etc/puppetlabs/puppet/ssl/private_keys/*.pem | |||
| /etc/puppetlabs/puppet/ssl/crl.pem |
3. Other related files
- Certificate used to validate manifest files
/etc/candlepin/certs/upstream/candlepin-redhat-ca.crt
- Next two directories are scratch spaces used by the installer and katello-certs-tools.
/root/ssl-build//etc/pki/katello-certs-tools/
SBR
Product(s)
Components
Article Type