SSL error connecting to custom file repository over https in Satellite 6

Solution Verified - Updated -

Issue

Custom file repositories for config files have been in use since Satellite 6.4. The files are pulled over HTTPS using the debug certificate. The organization has moved to a new Satellite 6.6 server running in FIPS mode and configured the same method, as described in the Satellite 6.6 Official Content Management Guide. Yum works with the RPM repositories; the problem affects only the HTTPS file repositories.

This is the message we get using curl.

[root@host ~]# curl -1 -vvv -O -cert ./Default\ Organization-key-cert.pem --cacert /etc/rhsm/ca/katello-server-ca.pem https://satellite.example.com/pulp/isos/Default_Organization/Library/custom/some_file_collection/my_test/firstboot.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Could not resolve host: .; Name or service not known
* Closing connection 0
curl: (6) Could not resolve host: .; Name or service not known
* About to connect() to satellite.example.com port 443 (#1)
*   Trying 10.***.***.***...
* Connected to satellite.example.com (10.***.***.***) port 443 (#1)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/rhsm/ca/katello-server-ca.pem
  CApath: none
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=satellite.example.com,OU=SomeOrgUnit,O=Katello,ST=North Carolina,C=US
*       start date: Sep 04 17:35:35 2019 GMT
*       expire date: Jan 17 17:35:35 2038 GMT
*       common name: satellite.example.com
*       issuer: CN=satellite.example.com,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US
> GET /pulp/isos/Default_Organization/Library/custom/some_file_collection/my_test/firstboot.sh HTTP/1.1
> User-Agent: curl/7.29.0
> Host: satellite.example.com
> Accept: */*
>
* NSS: client certificate not found (nickname not specified)
* SSL read: errno -12227 (SSL_ERROR_HANDSHAKE_FAILURE_ALERT)
* SSL peer was unable to negotiate an acceptable set of security parameters.
* Closing connection 1
curl: (56) NSS: client certificate not found (nickname not specified)

Environment

Satellite 6.6
Custom Repository
File Repository
