[Satellite 6] 'satellite-maintain upgrade check' fails with "Error reading server CA certificate /root/cert_path/bundle.pem"

Solution Verified - Updated

Environment

  • Red Hat Satellite 6.16

Issue

  • 'satellite-maintain upgrade check' fails with "Error reading server CA certificate /root/cert_path/bundle.pem"

    # satellite-maintain upgrade check
    Check if server certificate authority is sha1 signed:                 [FAIL]
    Error reading server CA certificate /root/cert_path/bundle.pem.
    

Resolution

  • To work around this issue, edit the certificate file and remove any empty line(s).
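
The workaround above as a script, added here as an example (not Red Hat's code): it reports which lines of a PEM file are empty or whitespace-only, keeps a `.bak` copy, and rewrites the file without them. The function names and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate and strip empty lines in a PEM file.

# Print the line number of every empty or whitespace-only line in file $1.
# A lone carriage return (DOS line ending on an empty line) also matches.
pem_blank_lines() {
    sed -n '/^[[:space:]]*$/=' "$1"
}

# Remove those lines from $1 in place, keeping the original as $1.bak.
# Returns 0 if the file is clean afterwards, 2 if it cannot be read.
pem_strip_blank_lines() {
    src=$1
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    blanks=$(pem_blank_lines "$src" | tr '\n' ' ')
    if [ -z "$blanks" ]; then
        echo "$src: no empty lines found"
        return 0
    fi
    echo "$src: empty lines at: $blanks"
    cp -p "$src" "$src.bak" || return 1
    # Redirecting into the existing file keeps its owner, mode and SELinux context.
    sed '/^[[:space:]]*$/d' "$src.bak" > "$src" || return 1
    [ -z "$(pem_blank_lines "$src")" ]
}

# Constructed sample: two PEM-framed blocks with placeholder bodies (not real
# certificates), separated by an empty line and followed by a whitespace-only one.
make_sample_bundle() {
    printf '%s\n' \
        '-----BEGIN CERTIFICATE-----' 'UExBQ0VIT0xERVItT05F' \
        '-----END CERTIFICATE-----' '' \
        '-----BEGIN CERTIFICATE-----' 'UExBQ0VIT0xERVItVFdP' \
        '-----END CERTIFICATE-----' '   ' > "$1"
}

# With a file path as argument (e.g. /root/cert_path/bundle.pem), clean that
# file; with no argument, run on the constructed sample in a temp directory.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    pem_strip_blank_lines "$1"
else
    demo=$(mktemp -d) && make_sample_bundle "$demo/bundle.pem" &&
        pem_strip_blank_lines "$demo/bundle.pem" && cat "$demo/bundle.pem"
    rm -rf "$demo"
fi
```

After cleaning the file, re-run `satellite-maintain upgrade check` to confirm the check passes.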

For more KB articles/solutions related to Red Hat Satellite 6.x Installation/Upgrade/Update Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Installation/Upgrade/Update Issues.

Root Cause

Diagnostic Steps

  • foreman-maintain.log has the error "ERROR -- : No such file or directory @ rb_sysopen - /root/cert_path/bundle.pem (Errno::ENOENT)"

    # grep "ERROR" /var/log/foreman-maintain/foreman-maintain.log
    E, [2024-12-23 13:19:29-0500 #4087565] ERROR -- : No such file or directory @ rb_sysopen - /root/cert_path/bundle.pem (Errno::ENOENT)
    
  • The bundle, the server certificate, and the server key all exist in the directory

    # ls -l /root/cert_path
     total 20
     -rw-r--r--. 1 root root 7270 Sep 28  2023 bundle.pem
     -rw-r--r--. 1 root root 7572 Aug 30 08:54 server.pem
     -rw-------. 1 root root 1986 Aug 30 08:54 server.key
    
  • The openssl verify command, run with the bundle PEM and the server PEM, does not report an error

    # openssl verify -verbose -CAfile /root/cert_path/bundle.pem /root/cert_path/server.pem 
    /root/cert_path/server.pem: OK 
    
  • There is no sha1 output from the certificates

    # for i in /root/cert_path/*.pem; do openssl x509 -text -noout -in "$i" | grep -i sha; done
        Signature Algorithm: sha256WithRSAEncryption
        Signature Algorithm: sha256WithRSAEncryption
    

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.