Puppet SSL CA names are identical post satellite-installer?

Latest response

Both the CN and CA CN have the same name?

openssl s_client -connect <satellite_server>:8140

Prior to this I ran the installer; I needed to add a custom SSL cert to satellite:
Red Hat Satellite (build: 6.3.4)

    satellite-installer --scenario satellite\
                      --certs-server-cert "/etc/pki/tls/certs/localhost.crt"\
                      --certs-server-cert-req "/root/custom_ssl/localhost_csr.pem"\
                      --certs-server-key "/etc/pki/tls/private/localhost.key"\
                      --certs-server-ca-cert "/root/custom_ssl/custom_ssl.pem"\
                      --certs-update-server --certs-update-server-ca --certs-update-all

It seems like puppet didn't get the CA I specified? I can remedy this if I knew
the location of the puppet CA. Running openssl on 8140 I can see the problem,
but I have been having trouble tracking down the .pem file. The install went off without a hitch it's just this annoying little CN conflict I need to knock out.

Responses

I copied over my CA bundle into the puppet certs; everything works and Nessus seems to be okay with it even with it looking like a self signed cert on openssl. The directory for the puppet CA is in located here:

/var/lib/puppet/ssl/certs/

I might trying giving the installer a new cert bundle now that I have updated the it on my server. Has anyone else had trouble with custom certs and the RHEL satellite installer?