Validation of the custom SSL certificate input files using the 'katello-certs-check' command fails on the 'Checking for private key passphrase' step

Solution Verified - Updated

Environment

  • Red Hat Satellite 6.17

Issue

While renewing an expired custom SSL certificate on a Capsule Server by following "15.3. Renewing a custom SSL certificate on Capsule Server", validation of the custom SSL certificate input files with the katello-certs-check command failed at the following step:

.
.
Checking for private key passphrase:
[FAIL]

The /root/capsule_cert/capsule.example.com/capsule.example.com.key contains a passphrase, remove the key's passphrase by doing:
mv /root/capsule_cert/capsule.example.com/capsule.example.com.key /root/capsule_cert/capsule.example.com/capsule.example.com.key.old
openssl pkey -in /root/capsule_cert/capsule.example.com/capsule.example.com.key.old -out /root/capsule_cert/capsule.example.com/capsule.example.com.key

Resolution

Obtain the Capsule's private key passphrase, then follow the recommendation from the output of the katello-certs-check command to remove the key's passphrase:

# mv /root/capsule_cert/capsule.example.com/capsule.example.com.key /root/capsule_cert/capsule.example.com/capsule.example.com.key.old

# openssl pkey -in /root/capsule_cert/capsule.example.com/capsule.example.com.key.old -out /root/capsule_cert/capsule.example.com/capsule.example.com.key

For more KB articles/solutions related to Red Hat Satellite 6.x SSL Certificates Issues, please refer to the Consolidated Troubleshooting Article for Red Hat Satellite 6.x SSL Certificates Issues.

Root Cause

The katello-certs-check tool has identified that the Capsule's private key is encrypted with a passphrase. Red Hat Satellite and Capsule services (specifically Apache and the Foreman Proxy) are designed to start automatically as system services. If the private key is password-protected, the services will hang or fail during startup because they cannot prompt for a manual password entry.
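
A pre-check for the condition described above, as an added example that is not part of the original article or of katello-certs-check: it classifies a PEM private key by its header (the PKCS#8 "ENCRYPTED PRIVATE KEY" label or the traditional "Proc-Type: 4,ENCRYPTED" header) and, because a key without a passphrase is no longer protected at rest, confirms that only the file's owner can access it. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the article. Function names are hypothetical.

# key_state FILE: print "encrypted", "unencrypted" or "unknown" from the PEM header.
key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo encrypted        # PKCS#8 encrypted key
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1" 2>/dev/null; then
        echo encrypted        # traditional PEM encryption header
    elif grep -Eq -e '-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo unencrypted
    else
        echo unknown          # missing file, certificate, or another format
    fi
}

# key_private_only FILE: succeed only if group and other have no access bits.
key_private_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# precheck FILE: succeed only for an unencrypted key that only its owner can access.
precheck() {
    state=$(key_state "$1")
    if [ "$state" != unencrypted ]; then
        echo "$1: key is $state"; return 1
    fi
    if ! key_private_only "$1"; then
        echo "$1: accessible beyond owner, run: chmod 600 $1"; return 2
    fi
    echo "$1: ok"
}

# Constructed sample files (PEM headers only, no real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$d/pkcs8-enc.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' \
        '-----END PRIVATE KEY-----' > "$d/plain.key"
    chmod 644 "$d/plain.key"
    precheck "$d/pkcs8-enc.key" || :   # non-zero status expected
    precheck "$d/plain.key" || :       # non-zero status expected
    chmod 600 "$d/plain.key"; precheck "$d/plain.key"
    rm -rf "$d"
}
demo
```

The check reads headers only, so it needs neither the passphrase nor openssl, and it can be run on the key before and after the openssl pkey step.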


This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.