We do not have certificate request (CSR) file for the custom certificate, how can we complete the satellite v 6.2 installation using satellite-installer command?

Environment

• Red Hat Satellite v 6.2 installation
• Satellite-installer
• Custom ssl certificate

Issue

• We do not have certificate request (CSR) file for the custom certificate, how can we complete the satellite v 6.2 installation using satellite-installer command?
• The problem I’m having is that I do not have a request file. My customer’s CA does not accept a request file. Their process is a web form that asks server details and then generates the certs for you without a request file. When I try to install without a request file the install errors out and complained about the missing request file. Is there a way around this?

Resolution

As a workaround we need to create a blank file and pass that as a value to --certs-server-cert-req parameter

# touch /root/sat_cert/satellite_cert_csr.pem

# satellite-installer --scenario satellite \
--certs-server-cert "/root/sat_cert/satellite_cert.pem" \
--certs-server-cert-req "/root/sat_cert/satellite_cert_csr.pem" \
--certs-server-key "/root/sat_cert/satellite_cert_key.pem" \
--certs-server-ca-cert "/root/sat_cert/ca_cert_bundle.pem" \
--certs-update-server --certs-update-server-ca

Note: Change the file path as per your requirement.

For more details refer: 3.5.7. Configuring Satellite Server with a Custom Server Certificate documentation for more details.

Root Cause

• It is mandatory to pass CSR file while running satellite-installer command.
• This issue is tracked in the This content is not included.Bug 1233431, it is proposed to remove the option --certs-server-cert-req as a mandatory option.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.