Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Plugin does not work if Proxy has self signed SSL cerificate #113

Open
chelapurath opened this issue Sep 9, 2016 · 5 comments
Open

Plugin does not work if Proxy has self signed SSL cerificate #113

chelapurath opened this issue Sep 9, 2016 · 5 comments

Comments

@chelapurath
Copy link

chelapurath commented Sep 9, 2016

For RHEL subscription there is level of security check for SSL certificate
/etc/rhsm.conf
# Set to 1 to disable certificate validation:
insecure = 0/1
even if proxy configuration are set via plugin, registration fails

@LalatenduMohanty
Copy link
Contributor

@chelapurath Are you able to make it work with changing bits in /etc/rhsm.conf?

@chelapurath
Copy link
Author

Yes, I was able to get the Registration working. It is fragile, and give me error sometimes even though the registration happened. So I do a vagrant reload once registration is completed and thus get the rest of the configuration done.

@JaredBurck
Copy link

JaredBurck commented Sep 22, 2016

@LalatenduMohanty @chelapurath From the CDK 2.2 Release Notes and Known Issues [1], 3.1.9. The vagrant-registration Plugin Does Not Work with Proxy and Self-Signed TLS Certificate. This looks like the known issue you have described.

[1] https://access.redhat.com/documentation/en/red-hat-container-development-kit/2.2/single/release-notes-and-known-issues/#the_literal_vagrant_registration_literal_plugin_does_not_work_with_proxy_and_self_signed_tsl_certificate

@brgnepal
Copy link
Contributor

Yes @JaredBurck

@nebffa
Copy link

nebffa commented Jun 8, 2021

This plugin gets in early and we can't run a script before it to set the insecure setting, or add our own certificates to the root store. It would probably be easiest if it supported setting the insecure flag for the subscription manager.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants