Skip to content

Instantly share code, notes, and snippets.

@jeremylenz

jeremylenz/katello_cert_locations.md

Last active August 20, 2020 15:53
Show Gist options
  • Save jeremylenz/8b0b7d18bbdc00c83d99bf1ba4668011 to your computer and use it in GitHub Desktop.
Save jeremylenz/8b0b7d18bbdc00c83d99bf1ba4668011 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
katello_cert_locations.md

Technically, a more correct name for an SSL certificate is a "PKI (public key infrastructure) certificate using the TLS protocol"

On a Satellite,

  • /etc/pki/katello/certs contains all of the Katello's certs, including server and CA
  • /etc/rhsm/ca/katello-server-ca.pem can be ignored - this is on the system if it is a client of another katello #KatelloInception

On a Katello client,

  • /etc/rhsm/ca/katello-default-ca.pem contains the pki certificate from Katello downloaded with
rpm -Uvh http://katello.example.com/pub/katello-ca-consumer-latest.noarch.rpm
  • /etc/pki/consumer contains the identity certs of the Katello client, signed by the Katello CA
  • /etc/pki/entitlements contains entitlement certificates
  • subscription-manager clean will remove local data including certs in /etc/pki/consumer
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment