How to install Capsule for Red Hat Satellite 6 with certificate signed by different Certification Authority (CA)

Solution Verified - Updated -

Issue

  • Capsule server installation fails when the Capsule server uses certificates signed by a different CA root trust than the Red Hat Satellite server.

  • Capsule installation fails with:

    Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[capsule.domain2.local]/ensure: change from absent to present failed: Could not set 'present' on ensure: 422 Unprocessable Entity at 12:/usr/share/katello-installer/modules/foreman_proxy/manifests/register.pp

  • The Foreman log on Satellite reports SSL verification errors:

    [E] Unprocessable entity SmartProxy (id: new):
 Unable to communicate with the proxy: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([OpenSSL::SSL::SSLError]: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verif...) for proxy https://capsule.domain2.local:9090/features

    This occurs because Satellite does not trust the CA that signed the Capsule certificates

Environment

  • Red Hat Satellite 6
  • Satellite and Capsule certificates signed by different Certificate Authorities

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content