<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Morning<br>
<br>
I need some help please. This morning I got this message on the
Spacewalk login:<br>
<br>
Your satellite certificate has expired. Please visit the following
link for steps on how to request or generate a new certificate: <a
href="https://access.redhat.com/knowledge/tools/satcert">https://access.redhat.com/knowledge/tools/satcert</a><a>
Your satellite enters restricted period in 7 day(s).<br>
<br>
So I followed the instructions here to get this resolved:<br>
<br>
https://fedorahosted.org/spacewalk/wiki/CertCreation<br>
<br>
Here is the steps I took:</a><br>
gpg --gen-key<br>
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation,
Inc.<br>
This is free software: you are free to change and redistribute it.<br>
There is NO WARRANTY, to the extent permitted by law.<br>
<br>
Please select what kind of key you want:<br>
(1) RSA and RSA (default)<br>
(2) DSA and Elgamal<br>
(3) DSA (sign only)<br>
(4) RSA (sign only)<br>
Your selection? 1<br>
RSA keys may be between 1024 and 4096 bits long.<br>
What keysize do you want? (2048) 4096<br>
Requested keysize is 4096 bits<br>
Please specify how long the key should be valid.<br>
0 = key does not expire<br>
<n> = key expires in n days<br>
<n>w = key expires in n weeks<br>
<n>m = key expires in n months<br>
<n>y = key expires in n years<br>
Key is valid for? (0) 3y<br>
Key expires at Thu 12 Jul 2018 10:51:46 AM BST<br>
Is this correct? (y/N) y<br>
<br>
GnuPG needs to construct a user ID to identify your key.<br>
<br>
Real name: Infrastructure_Team<br>
Email address: <a class="moz-txt-link-abbreviated" href="mailto:infrastructure@company.com">infrastructure@company.com</a><br>
Comment: Spacewalk Cert<br>
You selected this USER-ID:<br>
"Infrastructure_Team (Spacewalk Cert)
<a class="moz-txt-link-rfc2396E" href="mailto:infrastructure@company.com"><infrastructure@company.com></a>"<br>
<br>
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O<br>
You need a Passphrase to protect your secret key.<br>
<br>
can't connect to `/root/.gnupg/S.gpg-agent': No such file or
directory<br>
gpg-agent[12582]: directory `/root/.gnupg/private-keys-v1.d' created<br>
We need to generate a lot of random bytes. It is a good idea to
perform<br>
some other action (type on the keyboard, move the mouse, utilize the<br>
disks) during the prime generation; this gives the random number<br>
generator a better chance to gain enough entropy.<br>
We need to generate a lot of random bytes. It is a good idea to
perform<br>
some other action (type on the keyboard, move the mouse, utilize the<br>
disks) during the prime generation; this gives the random number<br>
generator a better chance to gain enough entropy.<br>
gpg: key C787B908 marked as ultimately trusted<br>
public and secret key created and signed.<br>
<br>
gpg: checking the trustdb<br>
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model<br>
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f,
1u<br>
gpg: next trustdb check due at 2018-07-12<br>
pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12]<br>
Key fingerprint = E0A9 C645 60C3 FAD1 4EE9 0388 1627 481B
C787 B908<br>
uid Infrastructure_Team (Spacewalk Cert)
<a class="moz-txt-link-rfc2396E" href="mailto:infrastructure@company.com"><infrastructure@company.com></a><br>
sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12]<br>
<br>
gpg --list-keys<br>
/root/.gnupg/pubring.gpg<br>
------------------------<br>
pub 1024D/F24F1B08 2002-04-23 [expired: 2004-04-22]<br>
uid Red Hat, Inc (Red Hat Network)
<a class="moz-txt-link-rfc2396E" href="mailto:rhn-feedback@redhat.com"><rhn-feedback@redhat.com></a><br>
<br>
pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12]<br>
uid Infrastructure_Team (Spacewalk Cert)
<a class="moz-txt-link-rfc2396E" href="mailto:infrastructure@company.com"><infrastructure@company.com></a><br>
sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12]<br>
<br>
[root@dc2pmzspw01 ~]# gpg --list-secret-keys<br>
/root/.gnupg/secring.gpg<br>
------------------------<br>
sec 4096R/3E092771 2015-07-13 [expires: 2018-07-12]<br>
uid Infrastructure Team (Spacewalk Cert)
<a class="moz-txt-link-rfc2396E" href="mailto:infrastructure@company.com"><infrastructure@company.com></a><br>
ssb 4096R/DCFD06A8 2015-07-13<br>
<br>
sec 4096R/C787B908 2015-07-13 [expires: 2018-07-12]<br>
uid Infrastructure_Team (Spacewalk Cert)
<a class="moz-txt-link-rfc2396E" href="mailto:infrastructure@company.com"><infrastructure@company.com></a><br>
ssb 4096R/113C619E 2015-07-13<br>
<br>
gpg --export -a C787B908 > spacewalk-key.gpg<br>
gpg --export-secret-keys -a C787B908 > spacewalk-secretkey.gpg<br>
<br>
gpg --keyring /etc/webapp-keyring-new.gpg --no-default-keyring
--import spacewalk-key.gpg spacewalk-secretkey.gpg<br>
gpg: keyring `/etc/webapp-keyring-new.gpg' created<br>
gpg: key C787B908: public key "Infrastructure_Team (Spacewalk Cert)
<a class="moz-txt-link-rfc2396E" href="mailto:infrastructure@company.com"><infrastructure@company.com></a>" imported<br>
gpg: key C787B908: already in secret keyring<br>
gpg: Total number processed: 2<br>
gpg: imported: 1 (RSA: 1)<br>
gpg: secret keys read: 1<br>
gpg: secret keys unchanged: 1<br>
<br>
mv /etc/webapp-keyring.gpg /etc/webapp-keyring-old.gpg<br>
mv /etc/webapp-keyring-new.gpg /etc/webapp-keyring.gpg<br>
<br>
gpg --keyring /etc/webapp-keyring.gpg --no-default-keyring
--list-keys<br>
/etc/webapp-keyring.gpg<br>
-----------------------<br>
pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12]<br>
uid Infrastructure_Team (Spacewalk Cert)
<a class="moz-txt-link-rfc2396E" href="mailto:infrastructure@company.com"><infrastructure@company.com></a><br>
sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12]<br>
<br>
./gen-oss-sat-cert.pl --orgid 1 --owner "Infrastructure_Team
(Spacewalk Cert) <a class="moz-txt-link-rfc2396E" href="mailto:infrastructure@company.com"><infrastructure@company.com></a>" --signer
C787B908 --output spacewalk-cert.cert --expires "2018-07-13
00:00:00" --slots 200000 --satellite-version spacewalk<br>
Passphrase:<br>
gpg: Signature made Mon 13 Jul 2015 11:07:12 AM BST using RSA key ID
C787B908<br>
gpg: Good signature from "Infrastructure_Team (Spacewalk Cert)
<a class="moz-txt-link-rfc2396E" href="mailto:infrastructure@company.com"><infrastructure@company.com></a>"<br>
Signatures validation succeeded.<br>
Certificate saved as tpgspacewalk-cert.cert<br>
<br>
rhn-satellite-activate --sanity-only --rhn-cert=spacewalk-cert.cert<br>
[no output]<br>
<br>
rhn-satellite-activate --disconnected --rhn-cert=spacewalk-cert.cert<br>
Certificate specifies 0 of virtualization_host_platform
entitlements.<br>
There are 3000 entitlements allocated to non-base org(s) (0
used).<br>
You might need to deallocate some entitlements from non-base
organization(s).<br>
You need to free 3000 entitlements to match the new certificate.<br>
In the WebUI, the entitlement is named Virtualization Host
Platform.<br>
Certificate specifies 0 of monitoring_entitled entitlements.<br>
There are 338 entitlements used by systems in the base (id 1)
organization,<br>
plus 3000 entitlements allocated to non-base org(s) (26 used).<br>
You might need to unentitle some systems in the base
organization,<br>
or deallocate some entitlements from non-base organization(s).<br>
You need to free 3338 entitlements to match the new certificate.<br>
In the WebUI, the entitlement is named Monitoring.<br>
Certificate specifies 0 of virtualization_host entitlements.<br>
There are 3000 entitlements allocated to non-base org(s) (0
used).<br>
You might need to deallocate some entitlements from non-base
organization(s).<br>
You need to free 3000 entitlements to match the new certificate.<br>
In the WebUI, the entitlement is named Virtualization Host.<br>
Certificate specifies 0 of provisioning_entitled entitlements.<br>
There are 338 entitlements used by systems in the base (id 1)
organization,<br>
plus 3000 entitlements allocated to non-base org(s) (26 used).<br>
You might need to unentitle some systems in the base
organization,<br>
or deallocate some entitlements from non-base organization(s).<br>
You need to free 3338 entitlements to match the new certificate.<br>
In the WebUI, the entitlement is named Provisioning.<br>
Activation failed, will now exit with no changes.<br>
<br>
<br>
I have tried several different settings in the ./gen-oss-sat-cert.pl
command but always the same.<br>
<br>
Can anybody help please?<br>
<br>
Thanks<br>
<br>
Kobus<br>
</body>
</html>
<br>
<p style="margin-right:0cm;margin-bottom:12pt;margin-left:0cm;border-collapse:collapse"><font color="#222222" face="Verdana, sans-serif"><span style="font-size:11px">Trustpay Global Limited is an authorised Electronic Money Institution regulated by the Financial Conduct Authority registration number 900043. Company No 07427913 Registered in England and Wales with registered address 130 Wood Street, London, EC2V 6DL, United Kingdom.</span></font></p><p style="margin-right:0cm;margin-bottom:12pt;margin-left:0cm;border-collapse:collapse"><font color="#222222" face="Verdana, sans-serif"><span style="font-size:11px">For further details please visit our website at <a href="http://www.trustpayglobal.com" target="_blank">www.trustpayglobal.com</a>.</span></font></p><p style="margin-right:0cm;margin-bottom:12pt;margin-left:0cm;border-collapse:collapse"><font color="#222222" face="Verdana, sans-serif"><span style="font-size:11px">The information in this email and any attachments are confidential and remain the property of Trustpay Global Ltd unless agreed by contract. It is intended solely for the person to whom or the entity to which it is addressed. If you are not the intended recipient you may not use, disclose, copy, distribute, print or rely on the content of this email or its attachments. If this email has been received by you in error please advise the sender and delete the email from your system. Trustpay Global Ltd does not accept any liability for any personal view expressed in this message.</span></font></p>