how to add a self-signed cert from a firewall for https packet inspection


Hi, I'm pretty new to Red Hat and trying to get a Red Hat Enterprise 7.2 system configured in VMware Workstation 12.5.4 running on a Windows Server 2008 R2 SP1.
I've got the base install done, am connected via ssh, and am trying to connect to Subscription Manager.
This is the error I receive:
[root@servername pki]# subscription-manager register
Registering to:
Username: RedhatAccount
Unable to verify server's identity: certificate verify failed
[root@servername pki]#

If I run the openssl test, I receive this:
[root@servername ~]# openssl s_client -connect -CAfile /etc/rhsm/ca/redhat-uep.pem
getaddrinfo: No address associated with hostname
[root@servername ~]#

We suspect the issue might be packet inspection by the firewall.
We have a Check Point firewall with web URL filtering enabled and a self-signed cert that we need to add to IE/Firefox on Windows systems to get through the packet inspection on the firewall. I'm trying to figure out how I would add that same firewall self-signed cert on a Red Hat system to enable packet inspection and allow it to talk to the Subscription Manager.
Does anyone else have any experience with this?


Thanks, already walked through that one, but it doesn't answer the info I need.

How did you resolve this issue?

This was quite some time ago, but I went back through my notes and it looks like I turned off certificate validation because I couldn't find a way to add a certificate for our firewall packet inspection to Red Hat. I changed /etc/rhsm/rhsm.conf for Insecure = 1 to disable certificate validation. Following that, "subscription manager register" worked.
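
An added example, not part of the thread and not Red Hat's code: a shell audit that flags the disabled-validation setting described in the last post and checks whether an inspection CA file sits in the CA directory instead. It assumes subscription-manager reads insecure from the [server] section and ca_cert_dir from the [rhsm] section of rhsm.conf and trusts the PEM files in that directory; the file name fw-inspection-ca.pem and the temporary directory layout are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: audit an rhsm.conf-style file.
# The CA file name and the temp-dir layout below are constructed.

# Print the value of KEY ($3) in [SECTION] ($2) of INI file $1.
rhsm_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }   # comment line
        /^[ \t]*\[/   { cur = $0; sub(/^[ \t]*\[/, "", cur); sub(/\].*$/, "", cur); next }
        cur == sec && (i = index($0, "=")) {
            k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v   # keys compared case-insensitively; last one wins
        }
        END { print val }' "$1"
}

# rhsm_audit CONF CA_FILE [ROOT]: 0 = verifying and CA file present,
# 1 = verification disabled, 2 = verifying but CA file missing from ca_cert_dir.
# Presence means a non-empty file; the certificate itself is not parsed.
rhsm_audit() {
    insecure=$(rhsm_get "$1" server insecure)
    cadir=$(rhsm_get "$1" rhsm ca_cert_dir)
    cadir=${cadir:-/etc/rhsm/ca/}
    if [ "${insecure:-0}" != "0" ]; then
        echo "FAIL: [server] insecure=$insecure, server certificate is not verified"
        return 1
    fi
    if [ ! -s "${3:-}${cadir%/}/$2" ]; then
        echo "WARN: $2 is not in $cadir"
        return 2
    fi
    echo "OK: verification on, $2 present in $cadir"
}

# Constructed demo: the weak setting from the post, then the corrected state.
rhsm_demo() {
    t=$(mktemp -d); mkdir -p "$t/etc/rhsm/ca"; r1=0; r2=0; r3=0
    printf '[server]\nInsecure = 1\n[rhsm]\nca_cert_dir = /etc/rhsm/ca/\n' > "$t/weak.conf"
    printf '[server]\ninsecure = 0\n[rhsm]\nca_cert_dir = /etc/rhsm/ca/\n' > "$t/ok.conf"
    rhsm_audit "$t/weak.conf" fw-inspection-ca.pem "$t" || r1=$?
    rhsm_audit "$t/ok.conf" fw-inspection-ca.pem "$t" || r2=$?
    echo "constructed placeholder, not a real certificate" > "$t/etc/rhsm/ca/fw-inspection-ca.pem"
    rhsm_audit "$t/ok.conf" fw-inspection-ca.pem "$t" || r3=$?
    rm -rf "$t"; echo "$r1 $r2 $r3"
}

rhsm_demo
```

On a real host the call would be rhsm_audit /etc/rhsm/rhsm.conf followed by the name the firewall CA was saved under, with no third argument.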