How can I update NSSDB certificate for Satellite 6?

I had to change the hostname and IP of Red Hat Satellite 6 (/etc/hosts and /etc/hostname), but when I execute the Katello installer to update certificates, the NSSDB stops with the following error:

# katello-installer  --certs-update-all
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-apache for update
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-foreman-proxy for update
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-qpid-router-server for update
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-qpid-router-client for update
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-foreman-client for update
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-apache for update
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-qpid-client-cert for update
Marking certificate /root/ssl-build/satellite.cloud/gutterball-certs for update
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-puppet-client for update
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-qpid-broker for update
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-parent-cert for update
Marking certificate /root/ssl-build/satellite.cloud/java-client for update
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud.mte-foreman-proxy for update
Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud.mte-foreman-proxy-client for update
Marking certificate /root/ssl-build/katello-server-ca for update
 /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: Failed to call refresh: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0]
 /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0]

Katello installer log:

# tail -n 1000 /var/log/katello-installer/katello-installer.log |grep ERROR
[ WARN 2016-02-09 02:42:33 main]  /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]/returns: certutil: could not add certificate to token or database: SEC_ERROR_ADDING_CERT: Error adding certificate to database.
[ERROR 2016-02-09 02:42:33 main]  /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: Failed to call refresh: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0]
[ERROR 2016-02-09 02:42:33 main]  /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0]
[ERROR 2016-02-09 02:47:17 main] Repeating errors encountered during run:
[ERROR 2016-02-09 02:47:17 main]  /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: Failed to call refresh: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0]
[ERROR 2016-02-09 02:47:17 main]  /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0]

Could someone tell me how to update the NSSDB certificate correctly or fix it? I stopped all services and tried to run the installer again, but the error persisted.

Thanks.

Responses

Hello

Changing the host name does not work at the moment. See "How to change the hostname of a Red Hat Satellite 6 server and update associated SSL certificates", which links to RFE bugs (you might like to follow that).
