Fixes #17379: Fix use of ca_cert_file for Candlepin communication

[ehelms]

No description provided.

[mention-bot]

@ehelms, thanks for your PR! By analyzing the history of the files in this pull request, we identified @jlsherrill, @komidore64 and @johnpmitsch to be potential reviewers.

[ehelms]

To test this, you will need to 'untrust' our CA on the test box. One way to do this is:

mkdir ~/tmp-anchors
mv /etc/pki/ca-trust/source/anchors/* ~/tmp-anchors
update-ca-trust

Now you can go test creating an Activation key for example and it should fail with SSL verify errors. You can then check out this patch and update foreman/config/settings.plugins.d/katello.yaml to add to the :candlepin: section:

:ca_cert_file: /etc/pki/katello/certs/katello-default-ca.crt

Then restart your web server to pickup the new configuration and retry creating an Activation key. To put your system back together:

mv ~/tmp-anchors/* /etc/pki/ca-trust/source/anchors/
update-ca-trust

There is a puppet change associated to deploy this configuration value from here on out -- theforeman/puppet-katello#154

[jlsherrill]

rubocop failure, way to go hound!

[ehelms]

Updated and rebased from refactoring of the Ping model

[jlsherrill]

ACK