Error "no certificate or crl found" reported when using a http proxy for content syncing or manifest-related operations in Satellite 6.12
Environment
- Red Hat Satellite 6.12.0
Issue
In Satellite 6.12, after creating an http proxy and setting it as Default HTTP Proxy, Two fundamental functions are found to be broken:
-
Accessing the
Satellite WebUI --> Content --> Subscriptionspage results in an errorno certificate or crl found. -
Accessing the
Satellite WebUI --> Content --> Red Hat Repositoriespage and expanding any repository-set results in aNo Repositories availablemessage. -
And due to the same, trying to synchronize any existing repository or refreshing the satellite manifest will fail as well.
Resolution
-
This issue has been reported to the Red Hat Engineering team via Bugzilla 2144044 and has been fixed in Red Hat Satellite 6.12.1.
-
To resolve this issue,
-
Reach out to Red Hat Technical Support in case of any further clarification would be required.
Diagnostic Steps
-
Accessing the
Content --> Subscriptionspage resutls in the following traceback inside/var/log/foreman/production.logfile.2022-11-19T00:11:19 [E|app|ee15f1b2] Katello::HttpErrors::BadRequest: no certificate or crl found ee15f1b2 | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/api/v2/api_controller.rb:271:in `rescue in check_upstream_connection' ee15f1b2 | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/api/v2/api_controller.rb:268:in `check_upstream_connection' ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:428:in `block in make_lambda' ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:200:in `block (2 levels) in halting' ee15f1b2 | /usr/share/gems/gems/actionpack-6.0.4.7/lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>' ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:201:in `block in halting' ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:513:in `block in invoke_before' -
Accessing the
Content --> Red Hat Repositoriespage and trying enable any repository from there will result in the following traceback in the same file.2022-11-19T00:12:25 [E|bac|8732f73b] no certificate or crl found (OpenSSL::X509::StoreError) 8732f73b | /usr/share/foreman/lib/foreman/util.rb:37:in `add_file' 8732f73b | /usr/share/foreman/lib/foreman/util.rb:37:in `block in add_ca_bundle_to_store' 8732f73b | /usr/share/ruby/tempfile.rb:291:in `open' 8732f73b | /usr/share/foreman/lib/foreman/util.rb:34:in `add_ca_bundle_to_store' 8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:53:in `initialize' 8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:67:in `new' 8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:67:in `create' 8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/models/katello/product.rb:219:in `cdn_resource' 8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:38:in `cdn_var_substitutor' 8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:30:in `fetch_results' 8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:24:in `run'
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
2 Comments
How to apply the fix attached to this solution?
Hello,
I suggest you to not use the manual patch file but rather install the hotfix which is permanent in nature.
But if you insist on applying the patch fix manually, instead of the hotfix, I can share the steps.
-- Sayan