Registering any systems to Red Hat Satellite Capsule server fails with error "certificate verify failed (_ssl.c:618)"
Environment
- Red Hat Satellite 6
- Red Hat Satellite Capsule 6
- Custom SSL Certificates
Issue
-
After updating custom
SSL certificates
on the Satellite and the Capsule,subscription-manager
fails with the below error, when attempting to register the system to a Capsule:Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
Resolution
-
Make sure to follow all the steps for installing Capsule for Satellite 6 with a certificate signed by a different Certification Authority (CA).
-
Reinstall the
katello-ca-consumer
package on the content-host:# rpm -e $(rpm -qa | grep katello-ca-consumer) # curl -O http://capsule.example.com/pub/katello-ca-consumer-latest.noarch.rpm # yum install katello-ca-consumer-latest.noarch.rpm
-
Ensure that the affected system has the correct
date/time
set and synchronized with anNTP
server.
For more KB articles/solutions related to Red Hat Satellite 6.x Client Subscription Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Client Subscription Issues
Root Cause
- The content host did not have the latest
katello-ca-consumer
package from the Capsule, which resulted in the SSL error.
Diagnostic Steps
-
Check the
katello-ca-consumer
version installed on the host and the latest version on the Capsule are the same:-
On the Capsule:
# ls -lht /var/www/html/pub/
-
On the content host:
# rpm -qa | grep katello-ca-consumer
-
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments