Running the global registration curl command on client fails with error"curl: (60) Peer's Certificate issuer is not recognized."
Environment
- Red Hat Satellite 6
Issue
-
Registering the client using the CURL command generated by navigating to
Hosts>Register Host, fails with the below error:# curl -sS 'https://capsule.example.com:9090/register?activation_keys=ack-rhel7&lifecycle_environment_id=3&location_id=3&organization_id=1&setup_insights=true&setup_remote_execution_pull=true&update_packages=false' -H 'Authorization: Bearer aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9.JiZvIIatiOVecaax1WKgcJmChFfm7lfLn1jxetKGo0k' | bash curl: (60) Peer's Certificate issuer is not recognized. More details here: http://curl.haxx.se/docs/sslcerts.html
Resolution
Solution: 1
-
Add the --insecure option and execute the curl command:
# curl -sS --insecure https://capsule.example.com:9090/register ...Note: Selecting the Insecure option, makes the first call insecure. During this first call, hosts download the CA file from Satellite. Hosts will use this CA file to connect to Satellite with all future calls making them secure.
Solution: 2
- Manually copy and install the CA file on each host before registering the host
-
On the Satellite GUI > navigate to Administer > Settings > Authentication and locate the value of the SSL CA file setting.
-
Copy the CA file to the /etc/pki/ca-trust/source/anchors/ directory on hosts and enter the following commands:
# update-ca-trust enable # update-ca-trust -
Next register the hosts with a secure curl command, such as:
# curl -sS https://satellite.example.com/register ...
-
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.