Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 3. Authenticating API Calls

Interaction with the Satellite API requires authentication. You can download the Satellite Server CA certificate to your local host for use in each API request to provide SSL authentication. Each API request also requires a valid user name and password. Each of these is discussed in the following sections.

3.1. Using SSL Authentication
Copy link

Red Hat Satellite uses HTTPS, which provides a degree of encryption and identity verification when communicating with a Red Hat Satellite Server. Non-SSL communications are not supported by Satellite 6.
Each Red Hat Satellite Server uses a self signed certificate. This certificate acts as both the server certificate to verify the encryption key and the certificate authority (CA) to trust the identity of the Satellite Server. The following steps show how to set up a SSL authentication for the Satellite Server (in this case satellite6.example.com):
  1. Obtain a certificate from the Satellite Server with which you want to communicate (satellite6.example.com) using one of the following options:
    1. To obtain a certificate using SSH, run the following command: 
      $ scp root@satellite6.example.com:/var/www/html/pub/katello-server-ca.crt ./scp root@satellite6.example.com:/var/www/html/pub/katello-server-ca.crt ./scp root@satellite6.example.com:/var/www/html/pub/katello-server-ca.crt ./
      Copy to Clipboard Toggle word wrap
    2. If you execute the command directly on the Satellite Server, obtain a certificate from the locally available copy by running the following command: 
      $ cp /var/www/html/pub/katello-server-ca.crt ./
      Copy to Clipboard Toggle word wrap
    3. To obtain a certificate using HTTP, run the following command: 
      $ curl -O http://satellite6.example.com/pub/katello-server-ca.crtcurl -O http://satellite6.example.com/pub/katello-server-ca.crtcurl -O http://satellite6.example.com/pub/katello-server-ca.crt
      Copy to Clipboard Toggle word wrap

      Warning

      Retrieving a certificate using an unencrypted HTTP connection might present a security risk.
  2. Use the certificate on your client as a certificate authority to verify the identity of the Satellite Server: 
    $ curl -X GET -u sat_username:sat_password \curl -X GET -u sat_username:sat_password \curl -X GET -u sat_username:sat_password \curl -X GET -u sat_username:sat_password \curl -X GET -u sat_username:sat_password \
-H "Accept:application/json" --cacert katello-server-ca.crt \
https://satellite6.example.com/katello/api/organizationshttps://satellite6.example.com/katello/api/organizationshttps://satellite6.example.com/katello/api/organizations
    Copy to Clipboard Toggle word wrap
    GET is the default action and therefore -X GET attribute can be omitted here.
  3. Create a Network Security Services (NSS) database to store the certificate: 
    $ certutil -N -d sql:$HOME/.pki/nssdb
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.

Enter new password:
Re-enter password:
    Copy to Clipboard Toggle word wrap
    If the NSS database already exists you will be prompted for the password as follows: 
    Enter Password or Pin for "NSS Certificate DB":
    Copy to Clipboard Toggle word wrap
  4. Use the following command to permanently include the certificate in the NSS database: 
    $ certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "Red Hat Satellite" \
-i katello-server-ca.crt
    Copy to Clipboard Toggle word wrap
    This imports the certificate into the NSS database, which means you can omit the --cacert option for each request. You can test this as follows: 
    $ curl -X GET -u sat_username:sat_password https://satellite6.example.com/api/v2/hostscurl -X GET -u sat_username:sat_password https://satellite6.example.com/api/v2/hostscurl -X GET -u sat_username:sat_password https://satellite6.example.com/api/v2/hostscurl -X GET -u sat_username:sat_password https://satellite6.example.com/api/v2/hostscurl -X GET -u sat_username:sat_password https://satellite6.example.com/api/v2/hostscurl -X GET -u sat_username:sat_password https://satellite6.example.com/api/v2/hostscurl -X GET -u sat_username:sat_password https://satellite6.example.com/api/v2/hosts
{
    "total": 2,
    ...,
    "results": [
        ...
    ]
}
output omitted
    Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat