The installation process for custom CA-signed certificates on Red Hat Satellite and Capsule fails due to an error related to invalid parameters.

Solution Verified - Updated -

Issue

  • The installation process for custom CA-signed certificates on Red Hat satellite and Capsule fails due to an error related to invalid parameters. Specifically, the values for the certs-server-cert, certs-server-ca-cert, and certs-server-key parameters do not match the required regular expression patterns. These patterns are designed to validate the format of the provided values.

  • An error is encountered during the process of regenerating SSL certificates.

  • The attempt to create a certificate archive using custom certificates fails for the Red Hat capsule server.

    # satellite-installer --scenario satellite --certs-server-cert "satellite_cert.pem" --certs-server-key "satellite_cert_key.pem" --certs-server-ca-cert "ca_cert_bundle.pem" --certs-update-server --certs-update-server-ca

2023-05-22 12:57:22 [ERROR ] [root] Parameter certs-server-cert invalid: satellite_cert.pem is not one of regexes matching /\A(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+)).*\z/ or regexes matching /\A\/([^\n\/\0]+\/*)*\z/
2023-05-22 12:57:22 [ERROR ] [root] Parameter certs-server-key invalid: "satellite_cert_key.pem" is not one of regexes matching /\A(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+)).*\z/ or regexes matching /\A\/([^\n\/\0]+\/*)*\z/
2023-05-22 12:57:22 [ERROR ] [root] Parameter certs-server-ca-cert invalid: ca_cert_bundle.pem is not one of regexes matching /\A(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+)).*\z/ or regexes matching /\A\/([^\n\/\0]+\/*)*\z/
2023-05-22 12:57:22 [DEBUG ] [root] Exit with status code: 21 (signal was invalid_values)

    # capsule-certs-generate --foreman-proxy-fqdn "capsule.example.com" --certs-tar "/root/capsule.example.com-certs.tar" --server-cert "capsule_cert.pem" --server-key "capsule_cert_key.pem" --server-ca-cert "ca_cert_bundle.pem" --certs-update-server

2023-06-06 01:59:09 [ERROR ] [root] Parameter server-cert invalid:  capsule_cert.pem is not one of regexes matching /\A(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+)).*\z/ or regexes matching /\A\/([^\n\/\0]+\/*)*\z/
2023-06-06 01:59:09 [ERROR ] [root] Parameter server-key invalid:   capsule_cert_key.pem is not one of regexes matching /\A(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+)).*\z/ or regexes matching /\A\/([^\n\/\0]+\/*)*\z/
2023-06-06 01:59:09 [ERROR ] [root] Parameter server-ca-cert invalid:  ca_cert_bundle.pem is not one of regexes matching /\A(([a-zA-Z]:[\\\/])|([\\\/][\\\/][^\\\/]+[\\\/][^\\\/]+)|([\\\/][\\\/]\?[\\\/][^\\\/]+)).*\z/ or regexes matching /\A\/([^\n\/\0]+\/*)*\z/
2023-06-06 01:59:09 [DEBUG ] [root] Exit with status code: 21 (signal was invalid_values)

Environment

  • Red Hat Satellite 6
  • Red Hat Capsule 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content