2 Replies Latest reply on May 24, 2018 1:33 PM by Chad Johnson

    Is there blcli or other command to update Red Hat CDN Certificates?

    Chad Johnson

      The title pretty much says it all.

       

      We have both Red Hat Extended Lifecycle Support and Standard Support contracts.  Unfortunately these are restricted, by  Red Hat, via the use of individual certificates.  Since bladelogic only allows the configuration of a single cert this means we cannot use online catalogs with both ELS and Standard support.

       

      I know we *can* script it and use offline catalogs and the offline downloader, that is *not* what we want to do.

       

      Does anyone know if there is a command to update the certificates for Red Hat CDN?  I've checked the blcli guide and did not find anything nor did I find anything searching BMC Support or the forums.

       

      Thanks in advance!

        • 1. Re: Is there blcli or other command to update Red Hat CDN Certificates?
          Bill Robinson

          you didn't search very hard, it's the first result for 'redhat certificate': Update RedHat certificate paths in Patch Global Config

           

           

          so the answer is yes and no... there is a blcli command and this updates the redhat (or other) settings in the pgc.  however, unlike manually doing the update in the gui, the blcli command does not copy over the certs from where ever you say to the staging location on the file server (/patch/GlobalConstants/rh-ssl*) so the script above will also do that. but that won't fix your issues as i think the ELS stuff goes on top of the normal channels right ?

           

          another alternative that may work is hacking up the yum_metadata_generator.sh script that's in the support-files jar.  this is what actually does all the work in the cuj.  i made some edits to it so that it ignores whatever is in the generated catalog-generated repo file and instead uses the 'rct' command to find the cert in /etc/pki/entitlements that contains each channel and then updates the repo file w/ the right cert.  unfortunately i don't have a multi-cert entitlement to test that out in.  and of course that's way off the supported track....

          • 2. Re: Is there blcli or other command to update Red Hat CDN Certificates?
            Chad Johnson

            Thanks Bill.  I seriously search a number of phrases in BMC Support, communities, etc.  None returned any result at all. 

             

            This will give me what I need.  Thanks a ton.