SSL error connecting to custom file repository over https in Satellite 6
Issue
Custom file repositories for config files have been in use since Satellite 6.4. The files are pulled over https using the debug certificate. The organization has moved to a new Satellite 6.6 server running in FIPS mode and configured the same method as described in the Satellite 6.6 Official Content Management Guide. Yum works with the rpm repositories. This only affects https file repos.
This is the message we get using curl:
[root@host ~]# curl -1 -vvv -O -cert ./Default\ Organization-key-cert.pem --cacert /etc/rhsm/ca/katello-server-ca.pem https://satellite.example.com/pulp/isos/Default_Organization/Library/custom/some_file_collection/my_test/firstboot.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: .; Name or service not known
* Closing connection 0
curl: (6) Could not resolve host: .; Name or service not known
* About to connect() to satellite.example.com port 443 (#1)
* Trying 10.***.***.***...
* Connected to satellite.example.com (10.***.***.***) port 443 (#1)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/rhsm/ca/katello-server-ca.pem
CApath: none
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=satellite.example.com,OU=SomeOrgUnit,O=Katello,ST=North Carolina,C=US
* start date: Sep 04 17:35:35 2019 GMT
* expire date: Jan 17 17:35:35 2038 GMT
* common name: satellite.example.com
* issuer: CN=satellite.example.com,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US
> GET /pulp/isos/Default_Organization/Library/custom/some_file_collection/my_test/firstboot.sh HTTP/1.1
> User-Agent: curl/7.29.0
> Host: satellite.example.com
> Accept: */*
>
* NSS: client certificate not found (nickname not specified)
* SSL read: errno -12227 (SSL_ERROR_HANDSHAKE_FAILURE_ALERT)
* SSL peer was unable to negotiate an acceptable set of security parameters.
* Closing connection 1
curl: (56) NSS: client certificate not found (nickname not specified)
Environment
Satellite 6.6
Custom Repository
File Repository