[Pulp-list] Possible to disable all client certificate checking?

[Matthias Dellweg]

I agree, that this is more a question of how pulp is used inside of
Katello. Can you please raise your question over at
https://community.theforeman.org/

On Wed, Feb 10, 2021 at 7:45 PM Brian Bouterse <bmbouter at redhat.com> wrote:

> Hi Don,
>
> Pulp by default doesn't use client certificate checking, so it's very
> possible. Really though if you're using Pulp through Katello, this is
> highly dependant on how Katello is a) configuring the webservers and b) if
> they would allow that configuration to occur. Unfortunately I don't know
> either of those things. :/
>
> Sorry I can't be of more help.
> -Brian
>
>
> On Tue, Feb 9, 2021 at 10:08 AM Don Hoover <dxh at yahoo.com> wrote:
>
>> I am using pulp/katello and the way katello is setup is all "protected"
>> repos are shared via https and setup with client cert checking
>> (subscription-manager), while all "unprotected" repos are shared via
>> unencrypted-http but no certificate checking.
>>
>> By default katello wants to use unprotected/unencrypted http for sharing
>> "kickstart" repos for clients to access to boot off of during the first
>> phase of kickstart.  Anaconda/kickstart can't use self-signed SSL certs
>> which I assume is what they were thinking, but https it works fine for
>> commercial certs.
>>
>> So I was wondering if there is a way to just disable all client cert
>> checking and then I can point the kickstart at the protected copy of the
>> repo instead.
>> _______________________________________________
>> Pulp-list mailing list
>> Pulp-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-list
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20210210/6bb4ca7b/attachment.htm>