Description of problem:

Docs don't explain that users can't use SHA-1 certificates with Satellite. The installer displays an error when a SHA-1 certificate is used but users should be aware of the requirement before they run the installer.

SHA-1 is not supported on the RHEL 9 side either.

How reproducible:

Is this issue a regression from an earlier version:

Steps to Reproduce:

1.

2.

3.

Actual behavior:
4.11. Configuring Satellite Server with a custom SSL certificate lists lists prerequisites/requirements for the scenario of configuring a server with a custom SSL certificate, but it doesn't mention SHA-1.

I didn't find any relevant occurrences anywhere else in the docs set either.

Expected behavior:
4.11. Configuring Satellite Server with a custom SSL certificate lists should explain that SHA-1 certs are not supported because they are considered insecure.

It wouldn't hurt to take a closer look at how the section is structured in general and make some improvements so that the new requirement related to SHA-1 isn't easy to overlook.

We might want to make a similar update somewhere in the Upgrade guide too.

Business Impact / Additional info:

EDIT: It turns out we have this documented as a known issue in Release Notes: https://docs.redhat.com/en/documentation/red_hat_satellite/6.16/html-single/release_notes/index#known-issues-security-and-authentication A prerequisite in the product guides, as described above, is still a good idea.