How can I update NSSDB certificate for Satellite 6?
I had to change hostname and IP of Red Hat Satellite 6 (/etc/hosts and /etc/hostname), but when I exec Katello Installer to update certificates the NSSDB stops with the following error:
# katello-installer --certs-update-all Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-apache for update Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-foreman-proxy for update Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-qpid-router-server for update Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-qpid-router-client for update Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-foreman-client for update Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-apache for update Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-qpid-client-cert for update Marking certificate /root/ssl-build/satellite.cloud/gutterball-certs for update Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-puppet-client for update Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-qpid-broker for update Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud-parent-cert for update Marking certificate /root/ssl-build/satellite.cloud/java-client for update Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud.mte-foreman-proxy for update Marking certificate /root/ssl-build/satellite.cloud/satellite.cloud.mte-foreman-proxy-client for update Marking certificate /root/ssl-build/katello-server-ca for update /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: Failed to call refresh: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0] /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0]
Katello installer log:
# tail -n 1000 /var/log/katello-installer/katello-installer.log |grep ERROR [ WARN 2016-02-09 02:42:33 main] /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]/returns: certutil: could not add certificate to token or database: SEC_ERROR_ADDING_CERT: Error adding certificate to database. [ERROR 2016-02-09 02:42:33 main] /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: Failed to call refresh: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0] [ERROR 2016-02-09 02:42:33 main] /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0] [ERROR 2016-02-09 02:47:17 main] Repeating errors encountered during run: [ERROR 2016-02-09 02:47:17 main] /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: Failed to call refresh: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0] [ERROR 2016-02-09 02:47:17 main] /Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]: certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',,' -a -i '/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0]
Could someone tell me how to update the NSSDB certificate correctly or fix it? I stopped all services and tried to run installer again, but the error went on.
Thanks.
Responses