<div dir="ltr">Hi Robert,<div> </div><div>Thanks for the tips. Was able to login to the postgresql db with the credentials stored on the rhn.conf file. Tried to delete the referenced ky but I think the error is legit, as postgresql is enforcing a key constraint on the two tables so as not to have inconsistent keys. I dug into the table and I see that are are other keys inserted which I think were the ones I made and installed when I installed the newly-built rpms. I now think I don't need to do this step (delete the key) and look for another solution.</div><div> </div><div> </div><div>I got another lead though which might get me to the bottom of this issue. I've followed the article on red hat titled "SSL certificate validation failure when attempting to register against RHN". One of the troubleshooting steps is to check the SSL certificate chain. Turns out I have a self-signed certificate in my chain which was causing verification issues.</div><div> </div><div>Anyone experiencing the same and have tips on how to resolve it?</div><div> </div><div>Kind regards,</div><div>Francis</div></div><div class="gmail_extra"> <div class="gmail_quote">On Tue, Jul 18, 2017 at 4:36 AM, Robert Paschedag <<a href="mailto:robert.paschedag@web.de" target="_blank">robert.paschedag@web.de</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">Am 17. Juli 2017 16:16:50 MESZ schrieb "Paschedag, Robert" <<a href="mailto:paschedag.netlution@swr.de">paschedag.netlution@swr.de</a>>: >The credentials for the postgres db should be stored within >/etc/rhn/rhn.conf on the satellite server. > >By default, this is > >User: rhnuser >PW: rhnpw >DB: rhnschema > >So..switching to user postgres > >Su – postgres > >And > >psql -U <user> -d <DB> > >and entering password should give you access. > >There is also a command to “set” the password > > > > >Mit freundlichen Grüßen > >Robert Paschedag >Netlution GmbH >Landteilstr. 33 >68163 Mannheim > >im Auftrag des >SWR >Südwestrundfunk >HA IT, Medientechnik und Programmverbreitung >Neckarstraße 230 >70190 Stuttgart > >Telefon <a href="tel:%2B49%20%280%29711%20%2F929-12654" value="+4971192912654">+49 (0)711 /929-12654</a> oder >Telefon <a href="tel:%2B49%20%280%29711%20%2F929-13714" value="+4971192913714">+49 (0)711 /929-13714</a> ><a href="mailto:paschedag.netlution@swr.de">paschedag.netlution@swr.de</a> > ><a href="http://swr.de" rel="noreferrer" target="_blank">swr.de</a> > >Von: <a href="mailto:spacewalk-list-bounces@redhat.com">spacewalk-list-bounces@redhat.com</a> >[mailto:<a href="mailto:spacewalk-list-bounces@redhat.com">spacewalk-list-bounces@redhat.com</a>] Im Auftrag von Vipul Sharma >(GDC) >Gesendet: Montag, 17. Juli 2017 14:12 >An: Francis Lee Mondia <<a href="mailto:endace.francis.mondia@gmail.com">endace.francis.mondia@gmail.com</a>> >Cc: <a href="mailto:spacewalk-list@redhat.com">spacewalk-list@redhat.com</a> >Betreff: Re: [Spacewalk-list] Spacewalk 2.1 | SSL Certificate Invalid >when using HTTPS for host registration > >Hey, >Do you remember the password you used when creating the DB - Please try >this password given below - > >Database - spaceschema > >Username - spaceuser > >Password - spacepw > > >#psql DBNAME USERNAME > >On Mon, Jul 17, 2017 at 4:45 PM, Francis Lee Mondia </div></div>><<a href="mailto:endace.francis.mondia@gmail.com">endace.francis.mondia@gmail.com</a><mailto:<a href="mailto:endace.francis.mondia@gmail.com">endace.francis.mondia@gmail.com</a>>> >wrote: >Hi Vipul, > >Yes, the service is running as evidenced by the output. The problem as >shown in the error message was that postgres actually can't update or >delete the table stated due to a foreign key constraint validation on a >table. > >There's a post on the list about it and the recommendation was to >remove it. Any ideas how to remove it from the DB? I'd actually like to >log-in to postgres and delete this key being referenced (assuming I >know the password for postgres). > >Kind regards, >Francis > >On Mon, Jul 17, 2017 at 10:23 PM, Vipul Sharma (GDC) ><<a href="mailto:sharma.vipul@in.g4s.com">sharma.vipul@in.g4s.com</a><mailto:<a href="mailto:sharma.vipul@in.g4s.com">sharma.vipul@in.g4s.com</a>>> wrote: >Hey, >When you are running step 8 - Make sure spacewalk service is running, >I'm hoping you've must have stopped the service. Service is important >to push the data to postgres. >Thanks > V > >On Mon, Jul 17, 2017 at 3:28 PM, Francis Lee Mondia ><<a href="mailto:endace.francis.mondia@gmail.com">endace.francis.mondia@gmail.com</a><mailto:<a href="mailto:endace.francis.mondia@gmail.com">endace.francis.mondia@gmail.com</a>>> >wrote: >Hi Vipul, > >Thanks for the response. > >Still the same, I'm failing on step 8 on this guide >(<a href="https://github.com/spacewalkproject/spacewalk/wiki/ChangeCaCert" rel="noreferrer" target="_blank">https://github.com/spacewalkproject/spacewalk/wiki/ChangeCaCert</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fspacewalkproject%2Fspacewalk%2Fwiki%2FChangeCaCert&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948648506&sdata=6uTbKGUyx0DTFigKnfdy2kpc2bbLjoESTWBn%2BucL9to%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fspacewalkproject%2Fspacewalk%2Fwiki%2FChangeCaCert&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948648506&sdata=6uTbKGUyx0DTFigKnfdy2kpc2bbLjoESTWBn%2BucL9to%3D&reserved=0</a>>): <div><div class="h5">> >[root@spw01 ~]# rhn-ssl-dbstore -vvv --ca-cert >/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT >Public CA SSL certificate: /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT > >ERROR: unhandled exception occurred: >Traceback (most recent call last): > File "/usr/bin/rhn-ssl-dbstore", line 43, in <module> > sys.exit(abs(mod.main() or 0)) >File >"/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_ssl_dbstore.py", >line 79, in main >satCerts.store_rhnCryptoKey(values.label, values.ca_cert, >verbosity=values.verbose) >File >"/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", >line 673, in store_rhnCryptoKey > verbosity=verbosity) >File >"/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", >line 614, in _checkCertMatch_rhnCryptoKey > h.execute(rhn_cryptokey_id=rhn_cryptokey_id) >File >"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", >line 153, in execute > return apply(self._execute_wrapper, (self._execute, ) + p, kw) >File >"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", >line 290, in _execute_wrapper > retval = apply(function, p, kw) >File >"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", >line 207, in _execute > return self._execute_(args, kwargs) >File >"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", >line 309, in _execute_ > self._real_cursor.execute(self.sql, params) >psycopg2.IntegrityError: update or delete on table "rhncryptokey" >violates foreign key constraint "rhn_csssl_cacertid_fk" on table >"rhncontentsourcessl" >DETAIL: Key (id)=(1) is still referenced from table >"rhncontentsourcessl". > > >I think the issue is because the server's RHNS-CA-CERT is expired. I >found this </div></div>>[<a href="https://www.centos.org/forums/viewtopic.php?t=49388" rel="noreferrer" target="_blank">https://www.centos.org/forums/viewtopic.php?t=49388</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.centos.org%2Fforums%2Fviewtopic.php%3Ft%3D49388&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948648506&sdata=aahJV2c4U9lhprmcK0t105rV6DLA6Gb7frlWWQUciA0%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.centos.org%2Fforums%2Fviewtopic.php%3Ft%3D49388&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948648506&sdata=aahJV2c4U9lhprmcK0t105rV6DLA6Gb7frlWWQUciA0%3D&reserved=0</a>>] >but it's referencing a red hat article which is for RHEL 5. > >Where do I get an updated RHNS-CA-CERT? > >On Sun, Jul 16, 2017 at 10:53 AM, Vipul Sharma (GDC) ><<a href="mailto:sharma.vipul@in.g4s.com">sharma.vipul@in.g4s.com</a><mailto:<a href="mailto:sharma.vipul@in.g4s.com">sharma.vipul@in.g4s.com</a>>> wrote: >I completely forgot one thing -- > >In the above given command - --set-org-unit should be same as >--set-common-name. They should be the FQDN only. > >On Sun, Jul 16, 2017 at 4:20 AM, Vipul Sharma (GDC) ><<a href="mailto:sharma.vipul@in.g4s.com">sharma.vipul@in.g4s.com</a><mailto:<a href="mailto:sharma.vipul@in.g4s.com">sharma.vipul@in.g4s.com</a>>> wrote: >Hi Francis, > >In order to configure Spacewalk successfully - Follow these steps - > >Make sure your Hostname & FQDN are same. > >ex - HOSTNAME = ><a href="http://abc.abc.com" rel="noreferrer" target="_blank">abc.abc.com</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.abc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948648506&sdata=VkXU9aiUQv7Ozusm1hYoZjkjdtmNIe80keWpY3Lb9vw%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.abc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948648506&sdata=VkXU9aiUQv7Ozusm1hYoZjkjdtmNIe80keWpY3Lb9vw%3D&reserved=0</a>> >FQDN = ><a href="http://abc.abc.com" rel="noreferrer" target="_blank">abc.abc.com</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.abc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Npd3Evj28Im5AkpcqdE3jYToagiDzUUOgxR3RTqHplI%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.abc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Npd3Evj28Im5AkpcqdE3jYToagiDzUUOgxR3RTqHplI%3D&reserved=0</a>> > >Now, > >Regenerate all the Certs & Keys -- > >* First change the hostname to FQDN > >/usr/bin/rhn-ssl-tool --gen-ca --set-country="abc" --set-state="abc" >--set-city="abc" --set-org="abc" >--set-org-unit="<a href="http://abc.com" rel="noreferrer" target="_blank">abc.com</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=IeWBvGsEH7IoYaHm74tn8Y1r9YOUFcoVhYQYLEmsxdM%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=IeWBvGsEH7IoYaHm74tn8Y1r9YOUFcoVhYQYLEmsxdM%3D&reserved=0</a>>" >--set-common-name="abc" >--set-email="<a href="http://admin.com" rel="noreferrer" target="_blank">admin.com</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fadmin.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Orc0yjfy2ky0BuNN1HXD6CKD1mLwtRnXtq7UFVONyT0%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fadmin.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Orc0yjfy2ky0BuNN1HXD6CKD1mLwtRnXtq7UFVONyT0%3D&reserved=0</a>>" >--force > >*To generate new web-server keys -- > >/usr/bin/rhn-ssl-tool --gen-server --set-country="abc" >--set-state="abc" --set-city="abc" --set-org="abc" >--set-org-unit="<a href="http://abc.com" rel="noreferrer" target="_blank">abc.com</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=IeWBvGsEH7IoYaHm74tn8Y1r9YOUFcoVhYQYLEmsxdM%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=IeWBvGsEH7IoYaHm74tn8Y1r9YOUFcoVhYQYLEmsxdM%3D&reserved=0</a>>" >--set-email="<a href="http://admin.com" rel="noreferrer" target="_blank">admin.com</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fadmin.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Orc0yjfy2ky0BuNN1HXD6CKD1mLwtRnXtq7UFVONyT0%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fadmin.com&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Orc0yjfy2ky0BuNN1HXD6CKD1mLwtRnXtq7UFVONyT0%3D&reserved=0</a>>" > >*How to update the changes made to CA and web-server -- > ><a href="https://github.com/spacewalkproject/spacewalk/wiki/ChangeCaCert" rel="noreferrer" target="_blank">https://github.com/spacewalkproject/spacewalk/wiki/ChangeCaCert</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fspacewalkproject%2Fspacewalk%2Fwiki%2FChangeCaCert&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=uCijKeCu2h4oEINDB7vqfknIdpFPYndnFqVZ%2B5Cr2DA%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fspacewalkproject%2Fspacewalk%2Fwiki%2FChangeCaCert&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=uCijKeCu2h4oEINDB7vqfknIdpFPYndnFqVZ%2B5Cr2DA%3D&reserved=0</a>> > >Thanks > V > >On Sun, Jul 16, 2017 at 2:00 AM, Francis Lee Mondia ><<a href="mailto:endace.francis.mondia@gmail.com">endace.francis.mondia@gmail.com</a><mailto:<a href="mailto:endace.francis.mondia@gmail.com">endace.francis.mondia@gmail.com</a>>> >wrote: >Hi Michael, > >Thanks for the reply! > >On the following suggestions: >1. Upgrade to latest version - definitely but I want to settle the SSL >issue first (might just do this next week though if SSL isn't resolved) >2. Spacewalk-hostname-rename >- I've done this but haven't resolved the issue. Had to google how to >install the certificate which led me to ><a href="https://access.redhat.com/solutions/10809" rel="noreferrer" target="_blank">https://access.redhat.com/solutions/10809</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess.redhat.com%2Fsolutions%2F10809&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=kapJlAemcHWzc%2B3yMpcvzs2lq4JFZaR%2BmReUQpv%2FIdc%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess.redhat.com%2Fsolutions%2F10809&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=kapJlAemcHWzc%2B3yMpcvzs2lq4JFZaR%2BmReUQpv%2FIdc%3D&reserved=0</a>> <div><div class="h5">>- Followed that guide in just installing the certificate (copying >rpms, re-installing, etc) but decided to do the the whole shebang >instead after encountering the same issue >- now I'm stuck with this: > >[root@spacewalkserver ~]# rhn-ssl-dbstore >--ca-cert=/var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT -vvvvvvvv >Public CA SSL certificate: /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT >Nothing to do: certificate to be pushed matches certificate in >database. >Nothing to do: certificate to be pushed matches certificate in >database. > >ERROR: unhandled exception occurred: >Traceback (most recent call last): > File "/usr/bin/rhn-ssl-dbstore", line 43, in <module> > sys.exit(abs(mod.main() or 0)) >File >"/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_ssl_dbstore.py", >line 79, in main >satCerts.store_rhnCryptoKey(values.label, values.ca_cert, >verbosity=values.verbose) >File >"/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", >line 673, in store_rhnCryptoKey > verbosity=verbosity) >File >"/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", >line 614, in _checkCertMatch_rhnCryptoKey > h.execute(rhn_cryptokey_id=rhn_cryptokey_id) >File >"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", >line 153, in execute > return apply(self._execute_wrapper, (self._execute, ) + p, kw) >File >"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", >line 290, in _execute_wrapper > retval = apply(function, p, kw) >File >"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", >line 207, in _execute > return self._execute_(args, kwargs) >File >"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", >line 309, in _execute_ > self._real_cursor.execute(self.sql, params) >psycopg2.IntegrityError: update or delete on table "rhncryptokey" >violates foreign key constraint "rhn_csssl_cacertid_fk" on table >"rhncontentsourcessl" >DETAIL: Key (id)=(1) is still referenced from table >"rhncontentsourcessl". > > >- I've found this: </div></div>>[<a href="https://www.redhat.com/archives/spacewalk-list/2016-January/msg00046.html" rel="noreferrer" target="_blank">https://www.redhat.com/archives/spacewalk-list/2016-January/msg00046.html</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Farchives%2Fspacewalk-list%2F2016-January%2Fmsg00046.html&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=aObzHeFK8Cnmze6MkZeMTptWi%2BUK6CJyqvwRi8hBJkQ%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Farchives%2Fspacewalk-list%2F2016-January%2Fmsg00046.html&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=aObzHeFK8Cnmze6MkZeMTptWi%2BUK6CJyqvwRi8hBJkQ%3D&reserved=0</a>>] >which states I should remove the assignment first. THIS I DON'T KNOW >HOW TO DO. >- I think it's this >[<a href="http://gatwards.org/techblog/replacing-spacewalk-ssl-certificates" rel="noreferrer" target="_blank">http://gatwards.org/techblog/replacing-spacewalk-ssl-certificates</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgatwards.org%2Ftechblog%2Freplacing-spacewalk-ssl-certificates&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Nfw6HCtk99eotgWR%2Bsh5DxM0UUKUrh21Z3wOTH24kcQ%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgatwards.org%2Ftechblog%2Freplacing-spacewalk-ssl-certificates&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=Nfw6HCtk99eotgWR%2Bsh5DxM0UUKUrh21Z3wOTH24kcQ%3D&reserved=0</a>>] >shows how to do it but I'm adamant to delete the only pair on it. I've >deleted all expired certs before. > >Thanks in advance. > >Kind regards, >Francis > >On Fri, Jul 14, 2017 at 11:35 PM, Michael Mraka <div><div class="h5">><<a href="mailto:michael.mraka@redhat.com">michael.mraka@redhat.com</a><mailto:<a href="mailto:michael.mraka@redhat.com">michael.mraka@redhat.com</a>>> wrote: >Francis Lee Mondia: >> Hi All, >> >> Sorry for this seemingly noob question but I'm new to spacewalk and >just >> inherited a system which was not being used for about 2 years and now >I've >> been tasked to revive it. > >Hi, > >First of all I'd suggest upgrade to latest Spacewalk (2.6) because >there >were a lot of bugs fixed since then (including security issues). > >> So I've got the system running, updated the channels, repos and now >came >> the process of re-adding hosts to the system. I was being shown the >SSL >> certicate error as I think the certificate has expired. I can >register >> hosts fine without SSL, and can push package updates to hosts fine >without >> it. I do want to resolve this though moving forward. I've tried the >> numerous suggestions I can find (we have a red hat subscription so >was able >> to try their solutions too but none worked). > >Install spacewalk-utils package and run spacewalk-hostname-rename >script. >It will regenerate all SSL certs. > >> I'd also like to know though if upgrading spacewalk to a newer >version >> install a new SSL cert. When we first took a look at the system, we > >AFAIR upgrade will not change SSL certs. > >> couldn't log-in as the satellite certificate was expired and we had >to >> generate one from red hat support to be able to log back in. >> >> Hoping for some guidance on this from the community. >> >> Kind regards, >> Francis > >Regards, > > >-- >Michael Mráka >System Management Engineering, Red Hat > >_______________________________________________ >Spacewalk-list mailing list </div></div>><a href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a><mailto:<a href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a>> ><a href="https://www.redhat.com/mailman/listinfo/spacewalk-list" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/spacewalk-list</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Fmailman%2Flistinfo%2Fspacewalk-list&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=8wAw4%2BnmfT7kGNPIyFYDK64dBe3zs5vDIr8YFI%2BmS7c%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Fmailman%2Flistinfo%2Fspacewalk-list&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=8wAw4%2BnmfT7kGNPIyFYDK64dBe3zs5vDIr8YFI%2BmS7c%3D&reserved=0</a>> > > >_______________________________________________ >Spacewalk-list mailing list ><a href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a><mailto:<a href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a>> ><a href="https://www.redhat.com/mailman/listinfo/spacewalk-list" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/spacewalk-list</a><<a href="https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Fmailman%2Flistinfo%2Fspacewalk-list&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=8wAw4%2BnmfT7kGNPIyFYDK64dBe3zs5vDIr8YFI%2BmS7c%3D&reserved=0" rel="noreferrer" target="_blank">https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.redhat.com%2Fmailman%2Flistinfo%2Fspacewalk-list&data=02%7C01%7CPaschedag.Netlution%40swr.de%7Cc7d92ced12154370d03a08d4cd0d31db%7Cbcca095d88d442f88260cc216b81f62d%7C0%7C0%7C636358903948658518&sdata=8wAw4%2BnmfT7kGNPIyFYDK64dBe3zs5vDIr8YFI%2BmS7c%3D&reserved=0</a>> <div><div class="h5">> > > > >Please consider the environment before printing this email. >********************************************************************* >This communication may contain information which is confidential, >personal and/or privileged. It is for the exclusive use of the intended >recipient(s). >If you are not the intended recipient(s), please note that any >distribution, forwarding, copying or use of this communication or the >information in it is strictly prohibited. If you have received it in >error please contact the sender immediately by return e-mail. Please >then delete the e-mail and any copies of it and do not use or disclose >its contents to any person. >Any personal views expressed in this e-mail are those of the individual >sender and the company does not endorse or accept responsibility for >them. Prior to taking any action based upon this e-mail message, you >should seek appropriate confirmation of its authenticity. >This message has been checked for viruses on behalf of the company. >********************************************************************* > > > > >Please consider the environment before printing this email. >********************************************************************* >This communication may contain information which is confidential, >personal and/or privileged. It is for the exclusive use of the intended >recipient(s). >If you are not the intended recipient(s), please note that any >distribution, forwarding, copying or use of this communication or the >information in it is strictly prohibited. If you have received it in >error please contact the sender immediately by return e-mail. Please >then delete the e-mail and any copies of it and do not use or disclose >its contents to any person. >Any personal views expressed in this e-mail are those of the individual >sender and the company does not endorse or accept responsibility for >them. Prior to taking any action based upon this e-mail message, you >should seek appropriate confirmation of its authenticity. >This message has been checked for viruses on behalf of the company. >********************************************************************* > > > > >Please consider the environment before printing this email. >********************************************************************* >This communication may contain information which is confidential, >personal and/or privileged. It is for the exclusive use of the intended >recipient(s). >If you are not the intended recipient(s), please note that any >distribution, forwarding, copying or use of this communication or the >information in it is strictly prohibited. If you have received it in >error please contact the sender immediately by return e-mail. Please >then delete the e-mail and any copies of it and do not use or disclose >its contents to any person. >Any personal views expressed in this e-mail are those of the individual >sender and the company does not endorse or accept responsibility for >them. Prior to taking any action based upon this e-mail message, you >should seek appropriate confirmation of its authenticity. >This message has been checked for viruses on behalf of the company. >********************************************************************* </div></div>But just another information. When you get a SSL error from the client, then you have to check the SSL certificate on the "webserver"! Robert </blockquote></div> </div>