Description

When upgrading to Satellite 6.15 we are seeing issues related to regenerating and reimporting the candlepin-ca;
~~~
2024-04-24 11:22:55 [ERROR ] [configure] /Stage[main]/Certs::Candlepin/Truststore_certificate[/etc/candlepin/certs/truststore:candlepin-ca]/ensure: change from 'absent' to 'present' failed: Execution of '/bin/keytool -import -v -noprompt -storetype pkcs12 -keystore /etc/candlepin/certs/truststore -alias candlepin-ca -file /etc/candlepin/certs/candlepin-ca.crt -storepass:file /etc/pki/katello/truststore_password-file -J-Dcom.redhat.fips=false' returned 1: keytool error: java.io.IOException: keystore password was incorrect
2024-04-24 11:22:55 [ERROR ] [configure] java.io.IOException: keystore password was incorrect
2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2089)
2024-04-24 11:22:55 [ERROR ] [configure] at java.security.KeyStore.load(KeyStore.java:1445)
2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.tools.keytool.Main.doCommands(Main.java:839)
2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.tools.keytool.Main.run(Main.java:380)
2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.tools.keytool.Main.main(Main.java:373)
2024-04-24 11:22:55 [ERROR ] [configure] Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
~~~

Steps to reproduce:

• Install RHEL 8.9 and enable FIPS
• Install a Satellite 6.14 on top of it.
• Try to upgrade the instance to Satellite 6.15.0

Actual Results:

Errors with candlepin keystore password as mentioned above

Expected Results:

No such errors and the upgrade should happen without any such issues.