pulp-admin certificate errors - cannot connect on capsules

Latest response

Followed: https://access.redhat.com/solutions/1295653

Still cannot get pulp-admin to work on capsules in order to glean some valuable information to ensure the content synchronizations from the satellite actually worked since the Web UI is pointless in the information it gives you.

Continue to get:

error signing cert request: Signature ok
subject:/CN/admin:admin:
Getting CA Private Key
CA certificate and CA private key do not match

Using the katello-default-ca.crt as the ca_cert in the admin.conf or the /etc/pki/pulp/ca.crt all fails with the same errors when attempting it on the capsule servers ... following the steps for the satellite appears to work though but that's not where the pulp-admin-client would be very useful.

Responses

Duh - found the reason. Pulp CA key and cert are not managed by Satellite at all. In fact the ca.key set in the /etc/pulp/server.conf is wrong.

Run the following script to verify it - https://gist.github.com/dLobatog/6e6c53bca6343ae8fc37 - if it outputs one md5 key, it means all of them were signed by the same CA. But the Pulp ca key isn't signed by the same CA.

I'd say just call Pulp actions with '--username username --password password', like 'pulp-admin --username username --password password consumer list'. Or change the cakey in /etc/pulp/server.conf to point to /etc/pki/katello/private/katello-default-ca.key.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.