<div dir="ltr">Amedeo,<br><div><br></div><div>I found the rpm cert package in /root/ssl-build. I copied that over to my server, installed and tested. BTW, the client that I am working with is a VM, so I just easily rolled back the snapshot and I once again had a clean client to test with.</div><div><br></div><div>I installed the cert attempted to run rhn_check -vv, and I received the exact same error that I've been having. I modified /etc/sysconfig/rhn/up2date, removing the "s" off of the url, tested and all works as pior. </div><div><br></div><div>This tells me there is in fact a bug. For whatever reason the cert is not being used. Which is fine with me now that I know how to work around it.</div><div><br></div><div>Thank you.</div><div><br></div><div>Daryl</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 12, 2014 at 1:00 PM, Amedeo Salvati <span dir="ltr"><<a href="mailto:amedeo@oscert.net" target="_blank">amedeo@oscert.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Daryl, sorry but I haven't see your previus email, but the answer
you get -> scp RHN-ORG-TRUSTED-SSL-CERT from spacewalk it's
another solution! <br>
<br>
to better understand the file RHN-ORG-TRUSTED-SSL-CERT generated
during installation it's the CA key that you have to put on path: <br>
<br>
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT<br>
<br>
on the other hand, instead of scp above file, you can install rpm
rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm that inside of it there
are the same file RHN-ORG-TRUSTED-SSL-CERT, so you can choose,
usually on bootstrap script to use rpm or to use text file -> I
prefer to use rpm on rpm systems (rhel, centos, suse...), but repeat
if you have copied that file using scp is the same result!<br>
<br>
best regards<br>
Amedeo Salvati<br>
<br>
<div>Il 12/11/2014 18:14, Daryl Rose ha
scritto:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Amedeo,<br>
<div><br>
</div>
<div>This is not any any documentation that I can find. As a
matter of fact, when I first started working on this, I ran
into an error about RHN-ORG-TRUSTED-SSL-CERT. I posted a
question to this list, and a person replied back telling me
that I needed to scp RHN-ORG-TRUSTED-SSL-CERT from the SW
server to the client. That resolved that particular error,
but no where have I found that I need to install an additional
rpm.</div>
<div><br>
</div>
<div>I will install it and test.</div>
<div><br>
</div>
<div>Thank you.</div>
<div><br>
</div>
<div>Daryl</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Nov 12, 2014 at 9:58 AM, Amedeo
Salvati <span dir="ltr"><<a href="mailto:amedeo@oscert.net" target="_blank">amedeo@oscert.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div> Daryl this seem that you haven't imported your
spacewalk ssl keys, usually under pub directory of your SW
server you can find two files:<br>
<br>
RHN-ORG-TRUSTED-SSL-CERT<br>
rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm<br>
<br>
install rpm on your spacewalk clients, and then your
clients has this ssl key under:<br>
<br>
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT<br>
<br>
and with this you can use https communications between
spacewalk server and clients... -> with this is more
safe if you have provision entitlements and want to
execute on real time scripts (communication goes through
http over ssl)<br>
<br>
Best Regards<br>
Amedeo Salvati<br>
<br>
<br>
<div><span style="font-family:Arial;font-size:11px;color:#5f5f5f">Da</span><span style="font-family:Arial;font-size:12px;color:#5f5f5f;padding-left:5px">:
<a href="mailto:spacewalk-list-bounces@redhat.com" target="_blank">spacewalk-list-bounces@redhat.com</a></span></div>
<div><span style="font-family:Arial;font-size:11px;color:#5f5f5f">A</span><span style="font-family:Arial;font-size:12px;color:#5f5f5f;padding-left:5px">:
<a href="mailto:Spacewalk-list@redhat.com" target="_blank">Spacewalk-list@redhat.com</a></span></div>
<div><span style="font-family:Arial;font-size:11px;color:#5f5f5f">Cc</span><span style="font-family:Arial;font-size:12px;color:#5f5f5f;padding-left:5px">:
</span></div>
<div><span style="font-family:Arial;font-size:11px;color:#5f5f5f">Data</span><span style="font-family:Arial;font-size:12px;color:#5f5f5f;padding-left:5px">:
Wed, 12 Nov 2014 09:33:43 -0600</span></div>
<div><span style="font-family:Arial;font-size:11px;color:#5f5f5f">Oggetto</span><span style="font-family:Arial;font-size:12px;color:#5f5f5f;padding-left:5px">:
[Spacewalk-list] I can now update CentOS</span></div>
<br>
<div>
<div dir="ltr">> Previous questions were about the
failure of updating CentOS from the Spacewalk server.
I was getting the following error:
<div><br>
</div>
<div>> local action status: ((6,), 'Fatal error in
Python code occurred', {})</div>
<div><br>
</div>
<div>> I searched and searched and searched, posted
questions and no one was able to answer the question
on what the error was, and how to resolve it. </div>
<div><br>
</div>
<div>> The only reply that I received on this board
was that this was a bug that had been fixed in RH
Satellite Server, but apparently not in Spacewalk. </div>
<div><br>
</div>
<div>> Perhaps this is a known bug that was
only fixed in RH Satellite and not addressed in SW
because I found other postings with the exact same
issue. These postings go back for over a year, so I
know this has been an issue for sometime. Almost
all of these posts have the same replies: execute a
yum clean all, update yum, etc... I did all of that
as well as did the others in who have the same
issue. Stop/start the satellite server etc....</div>
<div><br>
</div>
<div>> Finally, I found a posting by a guy who
jumped through all of the hoops, as had I, but
finally found out that removing the "s" from the
<a>https://</a><sp-walk server> in
/usr/sysconfig/rhn/up2date resolved the issue.</div>
<div><br>
</div>
<div>> I successfully updated my CentOS 6.5 server.</div>
<div><br>
</div>
<div>> Thank you</div>
<div><br>
</div>
<div>> Daryl</div>
<div>
<div><br>
</div>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Spacewalk-list mailing list<br>
<a href="mailto:Spacewalk-list@redhat.com" target="_blank">Spacewalk-list@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/spacewalk-list" target="_blank">https://www.redhat.com/mailman/listinfo/spacewalk-list</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Spacewalk-list mailing list
<a href="mailto:Spacewalk-list@redhat.com" target="_blank">Spacewalk-list@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/spacewalk-list" target="_blank">https://www.redhat.com/mailman/listinfo/spacewalk-list</a></pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
Spacewalk-list mailing list<br>
<a href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/spacewalk-list" target="_blank">https://www.redhat.com/mailman/listinfo/spacewalk-list</a><br></blockquote></div><br></div>