I agree, that this is more a question of how pulp is used inside of Katello. Can you please raise your question over at https://community.theforeman.org/
On Wed, Feb 10, 2021 at 7:45 PM Brian Bouterse <[email protected]> wrote: > Hi Don, > > Pulp by default doesn't use client certificate checking, so it's very > possible. Really though if you're using Pulp through Katello, this is > highly dependant on how Katello is a) configuring the webservers and b) if > they would allow that configuration to occur. Unfortunately I don't know > either of those things. :/ > > Sorry I can't be of more help. > -Brian > > > On Tue, Feb 9, 2021 at 10:08 AM Don Hoover <[email protected]> wrote: > >> I am using pulp/katello and the way katello is setup is all "protected" >> repos are shared via https and setup with client cert checking >> (subscription-manager), while all "unprotected" repos are shared via >> unencrypted-http but no certificate checking. >> >> By default katello wants to use unprotected/unencrypted http for sharing >> "kickstart" repos for clients to access to boot off of during the first >> phase of kickstart. Anaconda/kickstart can't use self-signed SSL certs >> which I assume is what they were thinking, but https it works fine for >> commercial certs. >> >> So I was wondering if there is a way to just disable all client cert >> checking and then I can point the kickstart at the protected copy of the >> repo instead. >> _______________________________________________ >> Pulp-list mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/pulp-list > > _______________________________________________ > Pulp-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/pulp-list
_______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
