[Pulp-list] Possible to disable all client certificate checking?
Brian Bouterse
bmbouter at redhat.com
Wed Feb 10 18:44:35 UTC 2021
Hi Don,
Pulp by default doesn't use client certificate checking, so it's very
possible. Really though if you're using Pulp through Katello, this is
highly dependant on how Katello is a) configuring the webservers and b) if
they would allow that configuration to occur. Unfortunately I don't know
either of those things. :/
Sorry I can't be of more help.
-Brian
On Tue, Feb 9, 2021 at 10:08 AM Don Hoover <dxh at yahoo.com> wrote:
> I am using pulp/katello and the way katello is setup is all "protected"
> repos are shared via https and setup with client cert checking
> (subscription-manager), while all "unprotected" repos are shared via
> unencrypted-http but no certificate checking.
>
> By default katello wants to use unprotected/unencrypted http for sharing
> "kickstart" repos for clients to access to boot off of during the first
> phase of kickstart. Anaconda/kickstart can't use self-signed SSL certs
> which I assume is what they were thinking, but https it works fine for
> commercial certs.
>
> So I was wondering if there is a way to just disable all client cert
> checking and then I can point the kickstart at the protected copy of the
> repo instead.
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20210210/3b26fc13/attachment.htm>
More information about the Pulp-list
mailing list