How to load several different CAs into a SUSE Manager 5.x proxy
This document (000021876) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Manager 5 Proxy
Situation
Because of special requirements more than one Certificate Authorities (CA) should be loaded into the SUSE Manager 5 Proxy setup. Connections from an unsupported CA fail with a CERTIFICATE_VERIFY_FAILED error similar to:
85f544770986 [proxy-broker] [Wed Apr 30 12:26:07 2025] [error] [pid 61] src/server/wsgi_logger.c(147): [client IP-ADDR:45914] ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:860)Resolution
On the proxy, create or edit /etc/systemd/system/uyuni-proxy-httpd.service.d/custom.conf and separate the different CA files using the -v option as shown in the following example:
[Service]
Environment=HTTPD_EXTRA_CONF="-v /etc/pki/trust/anchors/CA-EXTRA-CERT1:/etc/pki/trust/anchors/CA-EXTRA-CERT1:ro -v /etc/pki/trust/anchors/CA-EXTRA-CERT2:/etc/pki/trust/anchors/CA-EXTRA-CERT2:ro -v /etc/pki/trust/anchors/CA-EXTRA-CERT3:/etc/pki/trust/anchors/CA-EXTRA-CERT3:ro"When done, execute:
systemctl daemon-reload
mgrpxy restartto mount the CA-EXTRA-CERT from host to the container and restart the proxy service.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021876
- Creation Date: 16-Jun-2025
- Modified Date:01-Jul-2025
-
- SUSE Manager Proxy
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
