When attempting to register a system to Red Hat Satellite or Capsule, the subscription-manager registration process may fail with a "tlsv1 alert unknown ca" message.

Solution Verified - Updated -

Issue

  • When attempting to register a system with Red Hat Satellite or Capsule using the subscription-manager command, the registration process may fail with the error message Network error, unable to connect to the server.

  • The issue arises when attempting to register, and it fails after adding CA-Signed certificates with custom parameters.

  • Registration Failure Due to Incorrect CA Configuration on Apache: The CA configured on Apache does not match the expected katello-default-ca, but instead points to /etc/puppetlabs/puppet/ssl/certs/ca.pem.

  • Issues Arising During the Configuration of a CA-Signed SSL Certificate on Red Hat Satellite.

  • The registration of the system to Red Hat Satellite or Capsule was partially successful, and the error message Network error, unable to connect to server was displayed by the subscription-manager command.

    #  subscription-manager register --org="Test" --activationkey="Test_AK"
The system has been registered with ID: 12383f3b-fe9b-4837-a656-e21a8f0a4abc
The registered system name is: client.example.com
Network error, unable to connect to server. Please see /var/log/rhsm/rhsm.log for more information.

    2023-09-27 23:34:26,802 [ERROR] dnf:2285579:MainThread @entcertlib.py:121 - [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:2354)
Traceback (most recent call last):
File "/usr/lib64/python3.6/site-packages/subscription_manager/entcertlib.py", line 119, in perform
expected = self._get_expected_serials()
File "/usr/lib64/python3.6/site-packages/subscription_manager/entcertlib.py", line 296, in _get_expected_serials
exp = self.get_certificate_serials_list()
File "/usr/lib64/python3.6/site-packages/subscription_manager/entcertlib.py", line 276, in get_certificate_serials_list
reply = self.uep.getCertificateSerials(identity.uuid)
File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 1506, in getCertificateSerials
return self.conn.request_get(method)
File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 989, in request_get
return self._request("GET", method, headers=headers, cert_key_pairs=cert_key_pairs)
File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 1022, in _request
info=info, headers=headers, cert_key_pairs=cert_key_pairs)
File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 800, in _request
response = conn.getresponse()
File "/usr/lib64/python3.6/http/client.py", line 1365, in getresponse
response.begin()
File "/usr/lib64/python3.6/http/client.py", line 320, in begin
version, status, reason = self._read_status()
File "/usr/lib64/python3.6/http/client.py", line 281, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib64/python3.6/socket.py", line 586, in readinto
return self._sock.recv_into(b)
File "/usr/lib64/python3.6/ssl.py", line 971, in recv_into
return self.read(nbytes, buffer)
File "/usr/lib64/python3.6/ssl.py", line 833, in read
return self._sslobj.read(len, buffer)
File "/usr/lib64/python3.6/ssl.py", line 590, in read
v = self._sslobj.read(len, buffer)
ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:2354)

Environment

  • Red Hat Satellite 6
  • Red Hat Capsule 6
  • Red Hat Enterprise Linux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content