-
Bug
-
Resolution: Done
-
None
-
6.3.0
-
False
-
False
-
0
-
Description of problem:
Satellite is not able to connect to CDN via HTTP proxy which scans content (which changes SSL certificates)
Similar to RFE https://bugzilla.redhat.com/show_bug.cgi?id=1408815 but this is to include Red Hat repositories.
This functionality was included in Satellite 5
Version-Release number of selected component (if applicable):
Satellite 6.3
Additional info (by customer):
- Satellite 6 uses Pulp to sync repositories.
- In our case (and probably more enterprises) Pulp must communicate with repositories on the Internet through a HTTP-proxy.
- The HTTP-proxy operates as a MITM to do content scanning of HTTPS-websites.
- Therefor Pulp sees the SSL-certificate of the HTTP-proxy instead of the SSL-cert of the remote website.
- For some reason Pulp is only configured to use its own directory (/etc/pki/pulp/content) for known SSL-certs.
- Setting 'global_cert_location' to '/etc/pki/tls/certs' makes Pulp also use the system-wide SSL-certs as expected.