Encountered an issue when attempting to register an RHEL8 client with the Red Hat Satellite server.

Solution Verified - Updated 14 Jun 2024

Environment

Red Hat Satellite 6

Issue

Not able to register RHEL 8 client with Red Hat Satellite server
Error:Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)

Resolution

Run the below command to disable FIPS mode entirely on the affected client:
```
# fips-mode-setup --disable
```

Once this command completes, reboot the system and run:

# rpm -e katello-ca-consumer
# rpm -ivh http://<satellite_FQDN>/pub/katello-ca-consumer-latest.noarch.rpm
# subscription-manager register --org="Org_Name" --activationkey="Key_Name"

For more KB articles/solutions related to Red Hat Satellite 6.x Client Subscription Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Client Subscription Issues
For more KB articles/solutions related to Red Hat Satellite 6.x Issues SSL: CERTIFICATE_VERIFY_FAILED, please refer to the Yum commands and registration to Red Hat Satellite or Capsule fail due to SSL-related errors.

Root Cause

Even after changing the policy to DEFAULT using the below command, the client still has some bits defined as FIPS
```
# update-crypto-policies --set DEFAULT
```

Diagnostic Steps

Run the below command on the affected client to check the current policy:

   # update-crypto-policies --show
   FIPS
   
   # fips-mode-setup --check
   FIPS mode is enabled.

   # cat /proc/cmdline
   BOOT_IMAGE=(hd2,gpt2)/vmlinuz-4.19.0-193.1.2.el8_2.x86_64 root=/dev/mapper/rhel-root ro nouveau.modeset=0 rd.driver.blacklist=nouveau nvidia-drm.modeset=1 boot=UUID=4cg34df-6434-5433-b48d- 
   h543fgh764543 resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap fips=1 rhgb intel_iommu=on

SBR

SysMgmt

Product(s)

Red Hat Satellite

Components

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.