Refs #36843 - Avoid running katello-certs-check for proxies (theforeman#2566)

ekohl · web-flow · commit 13895dfcf385 · 2023-11-16T16:29:33.000+01:00
The foreman-proxy-certs-generate command (and its branded version) now
runs katello-certs-check so there's no more need to run it manually.
This greatly simplifies the instructions for users.
diff --git a/guides/common/assembly_configuring-capsule-custom-server-certificate.adoc b/guides/common/assembly_configuring-capsule-custom-server-certificate.adoc
@@ -16,16 +16,7 @@ To configure your {SmartProxyServer} with a custom certificate, complete the fol
 //Creating a Custom SSL Certificate for {SmartProxyServer}
 include::modules/proc_creating-a-custom-ssl-certificate.adoc[leveloffset=+1]
 
-//Deploying a Custom SSL Certificate to {SmartProxyServer}
-// stdout from "katello-certs-check" is branded on Satellite
-ifdef::satellite[]
-:smart-proxy-capitalized: CAPSULE
-endif::[]
-ifndef::satellite[]
-:smart-proxy-capitalized: FOREMAN_PROXY
-endif::[]
 include::modules/proc_deploying-a-custom-ssl-certificate-to-smart-proxy-server.adoc[leveloffset=+1]
-:!smart-proxy-capitalized:
 
 //Deploying a Custom SSL Certificate to Hosts
 include::modules/proc_deploying-a-custom-ssl-certificate-to-hosts.adoc[leveloffset=+1]
diff --git a/guides/common/modules/proc_deploying-a-custom-ssl-certificate-to-smart-proxy-server.adoc b/guides/common/modules/proc_deploying-a-custom-ssl-certificate-to-smart-proxy-server.adoc
@@ -14,48 +14,23 @@ For more information, see {InstallingSmartProxyDocURL}registering-to-satellite-s
 For more information, see {InstallingSmartProxyDocURL}installing-capsule-server-packages_{smart-proxy-context}[Installing {SmartProxyServer} Packages].
 
 .Procedure
-. On your {ProjectServer}, validate the custom SSL certificate input files:
+. On your {ProjectServer}, generate a certificate bundle:
 +
 [options="nowrap", subs="+quotes,attributes"]
 ----
-# katello-certs-check \
--t {certs-proxy-context} \
--c __/root/{smart-proxy-context}_cert/{smart-proxy-context}_cert.pem__ \ <1>
--k __/root/{smart-proxy-context}_cert/{smart-proxy-context}_cert_key.pem__ \ <2>
--b __/root/{smart-proxy-context}_cert/ca_cert_bundle.pem__ <3>
+# {certs-generate} \
+--foreman-proxy-fqdn _{smartproxy-example-com}_ \
+--certs-tar ~/_{smartproxy-example-com}_-certs.tar \
+--server-cert /root/__{smart-proxy-context}_cert/{smart-proxy-context}_cert.pem__ \ <1>
+--server-key /root/__{smart-proxy-context}_cert/{smart-proxy-context}_cert_key.pem__ \ <2>
+--server-ca-cert "/root/__{smart-proxy-context}_cert/ca_cert_bundle.pem__ \ <3>
+--certs-update-server
 ----
++
 <1> Path to {SmartProxyServer} certificate file that is signed by a Certificate Authority.
 <2> Path to the private key that was used to sign {SmartProxyServer} certificate.
 <3> Path to the Certificate Authority bundle.
 +
-If you set a wildcard value `*` for the certificate's Common Name `CN =` in the `/root/{context}_cert/openssl.cnf` configuration file, you must add the `-t {certs-proxy-context}` option to the `katello-certs-check` command.
-+
-If the command is successful, it returns two `{certs-generate}` commands, one of which you must use to generate the certificate archive file for your {SmartProxyServer}.
-+
-.Example output of `katello-certs-check`
-[options="nowrap", subs="+quotes,attributes"]
-----
-Validation succeeded.
-
-To use them inside a NEW ${smart-proxy-capitalized}, run this command:
-  {certs-generate} --foreman-proxy-fqdn "${smart-proxy-capitalized}" \
-    --certs-tar "~/{smart-proxy-capitalized}-certs.tar" \
-    --server-cert "_/root/{smart-proxy-context}_cert/{smart-proxy-context}_cert.pem_" \
-    --server-key "_/root/{smart-proxy-context}_cert/{smart-proxy-context}_cert_key.pem_" \
-    --server-ca-cert "_/root/{smart-proxy-context}_cert/ca_cert_bundle.pem_" \
-
-To use them inside an EXISTING ${smart-proxy-capitalized}, run this command INSTEAD:
-  {certs-generate} --foreman-proxy-fqdn "${smart-proxy-capitalized}" \
-    --certs-tar "~/{smart-proxy-capitalized}-certs.tar" \
-    --server-cert "_/root/{smart-proxy-context}_cert/{smart-proxy-context}_cert.pem_" \
-    --server-key "_/root/{smart-proxy-context}_cert/{smart-proxy-context}_cert_key.pem_" \
-    --server-ca-cert "_/root/{smart-proxy-context}_cert/ca_cert_bundle.pem_" \
-    --certs-update-server
-----
-. On your {ProjectServer}, from the output of the `katello-certs-check` command, depending on your requirements, enter the `{certs-generate}` command that generates a certificate for a new or existing {SmartProxy}.
-+
-In this command, change `{smart-proxy-capitalized}` to the FQDN of your {SmartProxyServer}.
-+
 . Retain a copy of the `{foreman-installer}` command that the `{certs-generate}` command returns for deploying the certificate to your {SmartProxyServer}.
 +
 .Example output of `{certs-generate}`
@@ -75,7 +50,7 @@ _output omitted_
 +
 [options="nowrap", subs="+quotes,attributes"]
 ----
-# scp /root/{smart-proxy-context}_cert/_{smartproxy-example-com}_-certs.tar \
+# scp ~/_{smartproxy-example-com}_-certs.tar \
 root@_{smartproxy-example-com}_:/root/_{smartproxy-example-com}_-certs.tar
 ----
 . On your {SmartProxyServer}, to deploy the certificate, enter the `{foreman-installer}` command that the `{certs-generate}` command returns.
