Error certificate verify failed (unable to get local issuer certificate) when trying to revert back to default self-signed certificates in Red Hat Satellite 6.17

Solution Verified - Updated -

Issue

  • While following the steps as described in Resetting custom SSL certificate to default self-signed certificate on Satellite Server section, The execution of the satellite-installer command failed with the following error:

    # satellite-installer --certs-reset
2025-06-23 18:04:41 [NOTICE] [root] Loading installer configuration. This will take some time.
2025-06-23 18:04:45 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2025-06-23 18:04:45 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2025-06-23 18:04:45 [NOTICE] [checks] System checks passed
Package versions are locked. Continuing with unlock.
Marking certificate /root/ssl-build/katello-server-ca for update
2025-06-23 18:04:52 [NOTICE] [configure] Starting system configuration.
2025-06-23 18:04:58 [NOTICE] [configure] 250 configuration steps out of 2193 steps complete.
..
..
2025-06-23 18:05:02 [NOTICE] [configure] 2500 configuration steps out of 2792 steps complete.
2025-06-23 18:05:22 [ERROR ] [configure] Exception SSL_connect returned=1 errno=0 peeraddr=192.168.125.3:443 state=error: certificate verify failed (unable to get local issuer certificate) in post request to: https://satellite617.lab.example.com/api/v2/hosts/facts
2025-06-23 18:05:22 [ERROR ] [configure] Wrapped exception:
2025-06-23 18:05:22 [ERROR ] [configure] SSL_connect returned=1 errno=0 peeraddr=192.168.125.3:443 state=error: certificate verify failed (unable to get local issuer certificate)
2025-06-23 18:05:22 [ERROR ] [configure] /Stage[main]/Foreman::Register/Foreman_host[foreman-satellite617.lab.example.com]/ensure: change from 'absent' to 'present' failed: Exception SSL_connect returned=1 errno=0 peeraddr=192.168.125.3:443 state=error: certificate verify failed (unable to get local issuer certificate) in post request to: https://satellite617.lab.example.com/api/v2/hosts/facts
2025-06-23 18:05:23 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_host[foreman-proxy-satellite617.lab.example.com]: Could not evaluate: Exception SSL_connect returned=1 errno=0 peeraddr=192.168.125.3:443 state=error: certificate verify failed (unable to get local issuer certificate) in get request to: https://satellite617.lab.example.com/api/v2/hosts?search=name%3D%22satellite617.lab.example.com%22

  • The same option used to work fine in the Red Hat Satellite 6.16 or the versions before that.

Environment

  • Red Hat Satellite 6.17

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content