[Satellite6] Using 3rd party SSL certificates, how to check they were deployed successfully?

Solution Verified - Updated 2 Aug 2024

Environment

Red Hat Satellite or Proxy 6.1

Issue

using Satellite6 with an external capsule
(re)configured the deployment to use own / 3rd party SSL certificates signed by some external Certificate Authority (CA)
how to verify what/proper certificates are really applied?

Resolution

All openssl commands below checks Issuer and Subject of a given certificate or CA. Modify or remove egrep command to see other information from them.

On Satellite, check Issuer and Subject of the Apache httpd certificate and its CA bundle:

openssl x509 -in /etc/pki/katello/certs/katello-apache.crt -text | egrep '(Issuer:|Subject:)'
openssl x509 -in /etc/foreman/proxy_ca.pem -text | egrep '(Issuer:|Subject:)'

On Capsule, check Issuer and Subject of the foreman-proxy certificate and its CA bundle:

openssl x509 -in /etc/foreman-proxy/ssl_cert.pem -text | egrep '(Issuer:|Subject:)'
openssl x509 -in /etc/foreman-proxy/foreman_ssl_ca.pem -text | egrep '(Issuer:|Subject:)'

An alternative way to check Satellite's certificate: Open WebUI in a browser and view its certificate there.

An alternative way to check Capsule's CA:

openssl s_client -connect capsule.example.com:9090 | openssl x509 -text -noout | egrep '(Issuer:|Subject:)'

For more KB articles/solutions related to Red Hat Satellite 6.x SSL Certificates Issues, please refer to the Consolidated Troubleshooting Article for Red Hat Satellite 6.x SSL Certificates Issues

SBR

SysMgmt

Product(s)

Red Hat Satellite

Components

foreman

Category

Customize or extend

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.