Cannot upgrade to Satellite 6.16 when using a CA with SHA1 as Signature Algorithm

Solution Verified - Updated -

Issue

  • When upgrading to Satellite 6.16, the CA that signs the certificates used by the Satellite API must not use SHA1 as its Signature Algorithm. If such a CA is used, satellite-installer fails with the error below:

    /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite.example.com]
      Adding autorequire relationship with Anchor[foreman::service]
      Adding autorequire relationship with Anchor[foreman::providers::oauth]
      Starting to evaluate the resource (3113 of 3141)
      Could not evaluate: Exception SSL_connect returned=1 errno=0 peeraddr=192.168.110.100:443 state=error: certificate verify failed (CA signature digest algorithm too weak) in get request to: https://satellite.example.com/api/v2/smart_proxies?search=name%3D%22satellite.example.com%22
    Wrapped exception:
    SSL_connect returned=1 errno=0 peeraddr=192.168.110.100:443 state=error: certificate verify failed (CA signature digest algorithm too weak)
      Evaluated in 0.00 seconds
    Foreman_smartproxy[satellite.example.com](provider=rest_v3)
      Making get request to https://satellite.example.com/api/v2/smart_proxies?search=name%3D%22satellite.example.com%22
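
A pre-upgrade check for the condition described above, added here as an example (it is not Red Hat's code): it reports the signature algorithm of every certificate in a PEM file and flags SHA-1. The function names and the PEM path argument are assumptions, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example: list the signature algorithm of each certificate in a PEM
# file (a single CA certificate or a whole chain) and flag SHA-1 signatures.

# Reads "openssl ... -text" output on stdin and prints one line per
# certificate in the form: WEAK|OK <signature algorithm> <subject>
classify_sigalgs() {
    awk '
        /^Certificate:/ { alg = ""; next }   # a new certificate starts here
        /Signature Algorithm:/ && alg == "" {
            # Keep the first occurrence; the same value is repeated after
            # the certificate body and is ignored.
            alg = $NF
        }
        /^ *Subject:/ {
            sub(/^ *Subject: */, "")
            status = (tolower(alg) ~ /sha1/) ? "WEAK" : "OK"
            print status, alg, $0
        }
    '
}

# Prints the report for every certificate in the PEM file given as $1.
# "openssl x509" alone reads only the first certificate in a file, so the
# file is wrapped in a PKCS#7 container to dump all of them.
check_pem() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -text -noout |
        classify_sigalgs
}

# Runs only when a PEM path is passed; exit status 1 means that at least
# one certificate in the file carries a SHA-1 signature.
if [ "$#" -ge 1 ]; then
    report=$(check_pem "$1")
    printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -q '^WEAK'; then
        exit 1
    fi
fi
```

Pass the path of the CA certificate or chain file as the only argument; a line starting with WEAK identifies a certificate signed with SHA-1.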
    

Environment

  • Red Hat Satellite 6.16
  • Red Hat Enterprise Linux 8
