<html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> Hey No idea tbh. All RedHat documentation refers to a CA cert with that specific name (<a href="https://access.redhat.com/articles/433903">example</a>), google then led me to the link I sent. I suppose the cert normally gets installed when you register the system directly with subscription manager instead of manually on the RHN portal. Regards, Jeremy <div class="moz-cite-prefix">Tony Dufour schreef op 16/03/2015 om 16:01: </div> <blockquote cite="mid:CE04D5EE40761640901B4339F0FCE986C7D8E8B4@A1GTOEMBXV007.gto.a3c.atos.net" type="cite"> <pre wrap="">Hello Jeremy, It works !!!! Thanks to the CA cert you provided. Can you please just explain me why it's not working with the CA Cert provided on RHEL system and how can I do if I want to get this certificate by myself on Red Hat portal ? Thanks a lot for finding the issue ! Regards, Tony -----Original Message----- From: <a class="moz-txt-link-abbreviated" href="mailto:spacewalk-list-bounces@redhat.com">spacewalk-list-bounces@redhat.com</a> [<a class="moz-txt-link-freetext" href="mailto:spacewalk-list-bounces@redhat.com">mailto:spacewalk-list-bounces@redhat.com</a>] On Behalf Of Jeremy Maes Sent: lundi 16 mars 2015 15:48 To: <a class="moz-txt-link-abbreviated" href="mailto:spacewalk-list@redhat.com">spacewalk-list@redhat.com</a> Subject: Re: [Spacewalk-list] Spacewalk channel with RHSM repo CA cert: <a class="moz-txt-link-freetext" href="https://github.com/Katello/katello/blob/master/ca/redhat-uep.pem">https://github.com/Katello/katello/blob/master/ca/redhat-uep.pem</a> Regards, Jeremy Tony Dufour schreef op 16/03/2015 om 15:15: </pre> <blockquote type="cite"> <pre wrap="">Hello Paul, Yes I imported the certificate just as I downloaded (with CERTIFICATE, ENTITLEMENT DATA, RSA SIGNATURE, RSA PRIVATE KEY parts) and with type "SSL" in Spacewalk. In my repository I use this certificate as client cert and private key, and I set CA to RHNS-CA-CERT found on my system (/usr/share/rhn). Thanks for your answer. Tony -----Original Message----- From: <a class="moz-txt-link-abbreviated" href="mailto:spacewalk-list-bounces@redhat.com">spacewalk-list-bounces@redhat.com</a> [<a class="moz-txt-link-freetext" href="mailto:spacewalk-list-bounces@redhat.com">mailto:spacewalk-list-bounces@redhat.com</a>] On Behalf Of Paul Robert Marino Sent: lundi 16 mars 2015 14:26 To: <a class="moz-txt-link-abbreviated" href="mailto:spacewalk-list@redhat.com">spacewalk-list@redhat.com</a> Subject: Re: [Spacewalk-list] Spacewalk channel with RHSM repo did you set the cert as both the client cert and the key? On Mon, Mar 16, 2015 at 8:44 AM, Tony Dufour <a class="moz-txt-link-rfc2396E" href="mailto:Tony.Dufour@gemalto.com"><Tony.Dufour@gemalto.com></a> wrote: </pre> <blockquote type="cite"> <pre wrap="">Hello Thomas, I have no reposync.conf file on my Spacewalk server. The command I use is : [root@host reposync]# /usr/bin/spacewalk-repo-sync -c test_rhn-6-x86_64 Thanks for your help. Regards. From: <a class="moz-txt-link-abbreviated" href="mailto:spacewalk-list-bounces@redhat.com">spacewalk-list-bounces@redhat.com</a> [<a class="moz-txt-link-freetext" href="mailto:spacewalk-list-bounces@redhat.com">mailto:spacewalk-list-bounces@redhat.com</a>] On Behalf Of Thomas Foster Sent: lundi 16 mars 2015 12:48 To: <a class="moz-txt-link-abbreviated" href="mailto:spacewalk-list@redhat.com">spacewalk-list@redhat.com</a> Subject: Re: [Spacewalk-list] Spacewalk channel with RHSM repo What is your reposync command, can you post your reposync.conf file? On Mar 16, 2015 4:37 AM, "Tony Dufour" <a class="moz-txt-link-rfc2396E" href="mailto:Tony.Dufour@gemalto.com"><Tony.Dufour@gemalto.com></a> wrote: Hello, Waldirio, I have as many subscriptions has needed for my servers. I have “Up to 1 guest” for physical servers and “Unlimited guest” for hypervisors which a running virtual servers. I enrolled my Spacewalk with a “Up to 1 guest” subscription, is there a known difference between subscriptions that may result in my issue ? Thomas, I checked the url with wget and when editing the “index.html” that I get, I can see the “repodata” href in html code. So I guess the url is correct ? Thank you both for you help, Regards, Tony From: <a class="moz-txt-link-abbreviated" href="mailto:spacewalk-list-bounces@redhat.com">spacewalk-list-bounces@redhat.com</a> [<a class="moz-txt-link-freetext" href="mailto:spacewalk-list-bounces@redhat.com">mailto:spacewalk-list-bounces@redhat.com</a>] On Behalf Of Thomas Foster Sent: dimanche 15 mars 2015 12:25 To: <a class="moz-txt-link-abbreviated" href="mailto:spacewalk-list@redhat.com">spacewalk-list@redhat.com</a> Subject: Re: [Spacewalk-list] Spacewalk channel with RHSM repo Check the url and make sure you are not using a url too deep in the path where spacewalk cant see the repomd.xml file. Your url should point to the directory before those files. On Mar 14, 2015 11:01 PM, "Waldirio Manhães Pinheiro" <a class="moz-txt-link-rfc2396E" href="mailto:waldirio@gmail.com"><waldirio@gmail.com></a> wrote: Hello Tony Just to clarify, you have one subscription of RHEL and would like to sync RHEL packages to your SW, that's correct ?! Take Care ______________ Atenciosamente Waldirio msn: <a class="moz-txt-link-abbreviated" href="mailto:waldirio@gmail.com">waldirio@gmail.com</a> Skype: waldirio Site: <a class="moz-txt-link-abbreviated" href="http://www.waldirio.com.br">www.waldirio.com.br</a> Blog: blog.waldirio.com.br LinkedIn: <a class="moz-txt-link-freetext" href="http://br.linkedin.com/pub/waldirio-pinheiro/22/b21/646">http://br.linkedin.com/pub/waldirio-pinheiro/22/b21/646</a> PGP: <a class="moz-txt-link-abbreviated" href="http://www.waldirio.com.br/public.html">www.waldirio.com.br/public.html</a> On Fri, Mar 13, 2015 at 12:41 PM, Tony Dufour <a class="moz-txt-link-rfc2396E" href="mailto:Tony.Dufour@gemalto.com"><Tony.Dufour@gemalto.com></a> wrote: Hello folks, I have an issue while setting up a Spacewalk channel based on a Red Hat Network repository with mutual auth. - I have valid Red Hat subscriptions in my Red Hat account - I have registered my Spacewalk 2.2 server, so I was able to export its entitlement certificate - I imported the entitlement certificate in Spacewalk (System > Kickstart > GPG and SSL Keys) - I also imported the RHNS CA Certificate in Spacewalk - I created a repository in Spacewalk with the following URL : <a class="moz-txt-link-freetext" href="https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os/">https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os/</a> - I configured the repository to use my RHNS CA Cert and Entitlement cert - I created a channel and linked it to this repository Now I try to perform my first “repo-sync” but it fails : [root@host reposync]# /usr/bin/spacewalk-repo-sync -c test_rhn-6-x86_64 #### Channel label: test_rhn-6-x86_64 #### Repo URL: <a class="moz-txt-link-freetext" href="https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os/">https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os/</a> ERROR: Cannot retrieve repository metadata (repomd.xml) for repository: test_rhn-6-x86_64. Please verify its path and try again Sync completed. Total time: 0:00:00 The repo-sync log file doesn’t help since it only log this standard output. I guess that my certificates works since I’m able to reach and authenticate on cdn.redhat.com using wget command : [root@host ~]# wget <a class="moz-txt-link-freetext" href="https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os/">https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os/</a> --certificate=/tmp/host.pem --ca-certificate=/usr/share/rhn/RHNS-CA-CERT --no-check-certificate --2015-03-13 16:38:51-- <a class="moz-txt-link-freetext" href="https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os/">https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os/</a> Resolving proxy.domain.com... 10.54.4.42 Connecting to proxy.domain.com |10.54.4.42|:9091... connected. WARNING: cannot verify cdn.redhat.com’s certificate, issued by “/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations <a class="moz-txt-link-abbreviated" href="mailto:Authority/emailAddress=ca-support@redhat.com">Authority/emailAddress=ca-support@redhat.com</a>”: Self-signed certificate encountered. Proxy request sent, awaiting response... 200 OK Length: 767 [text/html] Saving to: “index.html” 100%[===========================================================================================================================>] 767 --.-K/s in 0s 2015-03-13 16:38:51 (16.6 MB/s) - “index.html” saved [767/767] Anyone can help resolving this repo-sync problem ? Thanks anyone for your ideas or suggestions. Regards, Tony ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus. _______________________________________________ Spacewalk-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/spacewalk-list">https://www.redhat.com/mailman/listinfo/spacewalk-list</a> _______________________________________________ Spacewalk-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/spacewalk-list">https://www.redhat.com/mailman/listinfo/spacewalk-list</a> ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus. _______________________________________________ Spacewalk-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/spacewalk-list">https://www.redhat.com/mailman/listinfo/spacewalk-list</a> ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus. _______________________________________________ Spacewalk-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/spacewalk-list">https://www.redhat.com/mailman/listinfo/spacewalk-list</a> </pre> </blockquote> <pre wrap="">_______________________________________________ Spacewalk-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/spacewalk-list">https://www.redhat.com/mailman/listinfo/spacewalk-list</a> ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus. _______________________________________________ Spacewalk-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/spacewalk-list">https://www.redhat.com/mailman/listinfo/spacewalk-list</a> </pre> </blockquote> <pre wrap=""> **** DISCLAIMER **** <a class="moz-txt-link-freetext" href="http://www.schaubroeck.be/maildisclaimer.htm">http://www.schaubroeck.be/maildisclaimer.htm</a> _______________________________________________ Spacewalk-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/spacewalk-list">https://www.redhat.com/mailman/listinfo/spacewalk-list</a> ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus. </pre> </blockquote> **** DISCLAIMER **** <a style="color: #002E6D" href="http://www.schaubroeck.be/maildisclaimer.htm">http://www.schaubroeck.be/maildisclaimer.htm</a> </body> </html>