Note: The certificates are constantly refreshed and must be updated in Artifactory to maintain access to the remote repository. If the RedHat CDN certificate is invalid after a specific period in Artifactory it results in a forbidden error (403). This article provides more information on the process. For example, the certificate named “rhel8” was refreshed and a 403 error was returned from Red Hat.
Using the UI, we can add a NEW certificate (with a different name), but not edit the current one. After adding a new certificate, the remote repository has to be updated to point to the NEW certificate. To update the certificate without reconfiguring the RPM Remote Repository in Artifactory (and only update the content of the existing certificate), the certificate can be overwritten using Add Certificate REST API when using the same name. After re-register using the subscription-manager client to generate fresh certificates, the certificate can be concatenated using the below command:
cat <ID>-key.pem <ID>.pem > <CERT_NAME>.pem
For example: cat 3491448195788779942-key.pem 3491448195788779942.pem > rhel8.pem
Then the below command can be used to overwrite the current certificate in Artifactory: curl -XPOST -u<USER>:<PASSWORD> https://<ARTIFACTORY_URL>/artifactory/api/system/security/certificates/<CERT_NAME_IN_ARTIFACTORY> -T <CERT_NAME>.pem
Using the “Test” button in the repository configuration, we can verify that the certificate was updated successfully: