Satellite 6 : Unable to synchronise a repository that uses SSL client certificates for authentication
Environment
Red Hat Satellite or Proxy 6
Issue
- How to synchronize a 3rd Party repositories in Satellite 6 which uses SSL certificate for authentication?
- How to synchronize Nginx Plus product repositories which uses ssl certificate for authentication?
Resolution
The functionality is available since Satellite 6.4 that implements This content is not included.RFE 1408815 - Adding custom repositories to Satellite with SSL keys via errata This content is not included.RHSA-2018:2927.
To set up client SSL certificates of a repository via WebUI
Create content credentials via Content -> Content Credentials. Then navigate to the relevant repository and edit (or populate, for new repo) properties "SSL CA Cert", "SSL Client Cert" and "SSL Client Key" accordingly.
To set up the certs via hammer
Use hammer gpg create .. option to upload SSL certificates and keys. Then refer to those via hammer repository create --ssl-ca-cert-id 111 --ssl-client-cert-id 222 --ssl-client-key-id 333 ...
For more KB articles/solutions related to Red Hat Satellite 6.x Repository Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Repository Issues.
Root Cause
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.