<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style type="text/css" style="display:none;"></style> </head> <body dir="ltr"> <div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;"> <p>Sam,</p> <p><br> </p> <p>I saw that option in the help, but didn't understand what it meant. I'll give that a try.</p> <p><br> </p> <p>Thank you very much for the reply and the help.</p> <p><br> </p> <p>Daryl </p> <br> <br> <div style="color: rgb(0, 0, 0);"> <hr tabindex="-1" style="display:inline-block; width:98%"> <div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> spacewalk-list-bounces@redhat.com <spacewalk-list-bounces@redhat.com> on behalf of Sam Sen <ssen@ariasystems.com><br> <b>Sent:</b> Thursday, May 5, 2016 8:15 AM<br> <b>To:</b> spacewalk-list@redhat.com<br> <b>Subject:</b> Re: [Spacewalk-list] [EXT] Issues with proxy and certificates</font> <div> </div> </div> <div>I ran into a similar issue. I ended up using the “—force-own-ca” flag. <div class=""><br class=""> </div> <div class=""><a href="https://www.redhat.com/archives/spacewalk-list/2011-December/msg00147.html" class="" id="LPlnk944959">https://www.redhat.com/archives/spacewalk-list/2011-December/msg00147.html</a></div> <div class=""><br class=""> <div class=""><br class=""> </div> <div class=""><br class=""> <div> <blockquote type="cite" class=""> <div class="">On May 5, 2016, at 8:53 AM, Daryl Rose <<a href="mailto:darylrose@outlook.com" class="">darylrose@outlook.com</a>> wrote:</div> <br class="Apple-interchange-newline"> <div class=""> <div id="divtagdefaultwrapper" class="" style="font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; font-size:12pt; background-color:rgb(255,255,255); font-family:Calibri,Arial,Helvetica,sans-serif"> <div class="" style="margin-top:0px; margin-bottom:0px">I am trying to stand up a proxy server. However, I am having issues with the certificate.</div> <div class="" style="margin-top:0px; margin-bottom:0px"><br class=""> </div> <div class="" style="margin-top:0px; margin-bottom:0px">I am using a CA signed certificate on the primary SW server. Proxy installation prompts me copy over three certificate items from the primary SW server.</div> <div class="" style="margin-top:0px; margin-bottom:0px"><br class=""> </div> <blockquote class="" style="margin:0px 0px 0px 40px; border:none; padding:0px"> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <div class="">[root@ ssl-build]# configure-proxy.sh</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <div class="">Using RHN parent (from /etc/sysconfig/rhn/up2date): <spacewalk server></div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <div class="">Using CA Chain (from /etc/sysconfig/rhn/up2date): /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <div class="">Please do copy your CA key and public certificate from <spacewalk server> to</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <div class="">/root/ssl-build directory. You may want to execute this command:</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <div class=""> scp 'root@<spacewalk server>:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' /root/ssl-build</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> </blockquote> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <div class=""></div> <br class=""> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <div class="" style="margin-top:0px; margin-bottom:0px">I have <span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px">RHN-ORG-PRIVATE-SSL-KEY and RHN-ORG-TRUSTED-SSL-CERT, but I don't have a <span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px">rhn-ca-openssl.cnf file. If I try to install without that file I get the following error:</span></span></div> <div class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><br class=""> </span></div> <blockquote class="" style="margin:0px 0px 0px 40px; border:none; padding:0px"> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class="">ERROR: can't find a file that should have been created during an earlier step:</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class=""> /root/ssl-build/rhn-ca-openssl.cnf</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> </blockquote> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class=""></div> <br class=""> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <div class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px">So, I tried creating one using the rhn-ssl-tool command: </span></div> <div class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><br class=""> </span></div> <blockquote class="" style="margin:0px 0px 0px 40px; border:none; padding:0px"> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class="">rhn-ssl-tool --gen-ca --password=MY_CA_PASSWORD --dir="/root/ssl-build" \ </div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class="">--set-state="North Carolina" --set-city="Raleigh" --set-org="Example Inc." \</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class="">--set-org-unit="SSL CA Unit"</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> </blockquote> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class=""></div> <div class=""><br class=""> </div> However, this did not work. I get the following error: <p class="" style="margin-top:0px; margin-bottom:0px"></p> <div class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><br class=""> </span></div> <blockquote class="" style="margin:0px 0px 0px 40px; border:none; padding:0px"> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class="">ERROR: web server's SSL certificate generation/signing failed:</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class=""><br class=""> </div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class="">Using configuration from /root/ssl-build/rhn-ca-openssl.cnf</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class="">CA certificate and CA private key do not match</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class="">139757325297480:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:331:</div> <p class="" style="margin-top:0px; margin-bottom:0px"></p> </blockquote> <p class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span></span></p> <div class=""></div> <br class=""> <p class="" style="margin-top:0px; margin-bottom:0px"></p> <div class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px">Any way to get around this error? Can I create the rhn-ca-openssl.cnf file from the existing cert? </span></div> <div class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><br class=""> </span></div> <div class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px">Thank you.</span></div> <div class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"><br class=""> </span></div> <div class="" style="margin-top:0px; margin-bottom:0px"><span class="" style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px">Daryl</span></div> </div> <span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">_______________________________________________</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px"> <span class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; float:none; display:inline!important">Spacewalk-list mailing list</span><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px"> <a href="mailto:Spacewalk-list@redhat.com" class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">Spacewalk-list@redhat.com</a><br class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px"> <a href="https://www.redhat.com/mailman/listinfo/spacewalk-list" class="" style="font-family:Helvetica; font-size:12px; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px">https://www.redhat.com/mailman/listinfo/spacewalk-list</a></div> </blockquote> </div> <br class=""> </div> </div> </div> </div> </div> </body> </html>