Error while updating custom certs on Red Hat Satellite 6 Report processor failed: Could not send report to Foreman at https://sat1.example.com/api/reports: hostname sat1.example.com does not match the server certificate.

Solution Verified - Updated 14 Jun 2024

Environment

Red Hat Satellite 6.2.z.

Issue

While updating the custom certs on Red Hat Satellite fails with following error:

[root@sat1 ~]# satellite-installer --scenario satellite --certs-server-cert "/root/sat_cert/sat2.example.com_cert.pem" --certs-server-cert-req "/root/sat_cert/sat2.example.com_csr.pem" --certs-server-key "/root/sat_cert/sat2.example.com_key.pem" --certs-server-ca-cert "/root/sat_cert/ca_cert_bundle.pem" --certs-update-server --certs-update-server-ca

Marking certificate /root/ssl-build/sat1.example.com/sat1.example.com-apache for update
Marking certificate /root/ssl-build/sat1.example.com/sat1.example.com-foreman-proxy for update
Marking certificate /root/ssl-build/katello-server-ca for update
 Report processor failed: Could not send report to Foreman at https://sat1.example.com/api/reports: hostname "sat1.example.com" does not match the server certificate
Installing             Done                                               [100%] [..........................................]
  Success!

Resolution

This issue can be resolved by following any one of the resolutions given below:
1. Change the hostname of Red Hat Satellite server according to the name specified in the custom certs.
2. Get new SSL certs generated matching with the current hostname of the Red Hat Satellite server.

For more KB articles/solutions related to Red Hat Satellite 6.x SSL Certificates Issues, please refer to the Consolidated Troubleshooting Article for Red Hat Satellite 6.x SSL Certificates Issues

Root Cause

Hostname of the Red Hat Satellite server is different than the hostname that is generated in custom SSL certs.

[root@sat1 sat_cert]# ls -l
total 16
-rw-r--r-- 1 root root 3512 Mar  9 14:18 ca_cert_bundle.pem
-rw-r--r-- 1 root root 2619 Mar  9 14:18 sat2.example.com_cert.pem
-rw-r--r-- 1 root root 1098 Mar  9 14:18 sat2.example.com_csr.pem
-rw-r--r-- 1 root root 1860 Mar  9 14:18 sat2.example.com_key.pem    <--- custom certs are generated for hostname sat2.example.com

[root@sat1]# cat /etc/hostname
sat1.example.com                                     <--- satellite hostname is sat1.example.com

Diagnostic Steps

Client registered to satellite gives the following error:

https://sat1.example.com/pulp/repos/ACME/RHEL6/RHEL6_x86_64/content/dist/rhel/server/6/6Server/x86_64/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 51 - "SSL: certificate subject name 'sat2.example.com' does not match target host name 'sat1.example.com'"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-6-server-rpms. Please verify its path and try again

SBR

SysMgmt

Product(s)

Red Hat Satellite

Components

katello

Category

Configure

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.