search

Katello / katello-client-bootstrap

Bootstrap Script for migrating systems to Foreman & Katello
GNU General Public License v2.0
52 stars 63 forks source link

Error with curl retrieving Client CA Certificate RPMs #223

Closed mimmus closed 7 years ago

mimmus commented 7 years ago

Recently, I started to see this error:

[NOTIFICATION], [2017-09-14 14:17:07], [Writing custom cURL configuration to allow download via HTTPS without certificate verification]
[NOTIFICATION], [2017-09-14 14:17:07], [Retrieving Client CA Certificate RPMs]
[RUNNING], [2017-09-14 14:17:07], [rpm -Uvh https://capsule01cs.mydomain.com/pub/katello-ca-consumer-latest.noarch.rpm]
[ERROR], [2017-09-14 14:17:08], EXITING: [rpm -Uvh https://capsule01cs.mydomain.com/pub/katello-ca-consumer-latest.noarch.rpm] failed to execute properly.
curl: (22) NSS: client certificate not found (nickname not specified)
error: skipping https://capsule01cs.mydomain.com/pub/katello-ca-consumer-latest.noarch.rpm - transfer failed

I found that curl shipped with Red Hat is compiled using NSS (and not OpenSSL) and this is the root cause of the issue but not sure to understand all implications.

Any help?

sideangleside commented 7 years ago

That shouldn't be an issue. Which version of libcurl do you have? Also, which version of RHEL, Katello/Sat6? Also, you can use --download-method=http to pull the CA RPM over HTTP?

mimmus commented 7 years ago

It was a bug: at some point in time, katello-ca-consumer-latest.noarch.rpm was no more available on HTTPS on the Capsule server. Satellite 6.2.11 solves the issue.

Thanks

sideangleside commented 7 years ago

Yes, we didn't default bootstrap.py to using https by default until after that BZ was fixed. :)