<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style type="text/css" style="display:none;"></style> </head> <body dir="ltr"> <div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr"> <p>Avi,</p> <p><br> </p> <p><span title="" class="">Thank you</span> very much for the explanation. They're very helpful, and I'm not as concerned as I was previously.</p> <p><br> </p> <p>Thanks</p> <p><br> </p> <p>Daryl</p> <p><br> </p> <br> <div style="color: rgb(0, 0, 0);"> <div> <hr tabindex="-1" style="display:inline-block; width:98%"> <div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> spacewalk-list-bounces@redhat.com <spacewalk-list-bounces@redhat.com> on behalf of Avi Miller <avi.miller@oracle.com><br> <b>Sent:</b> Monday, October 9, 2017 10:59 AM<br> <b>To:</b> spacewalk-list@redhat.com<br> <b>Subject:</b> Re: [Spacewalk-list] Auto-deploying renewed cert</font> <div> </div> </div> </div> <font size="2"><span style="font-size:10pt;"> <div class="PlainText">Hi,<br> <br> <br> > On 9 Oct 2017, at 6:12 am, Daryl Rose <darylrose@outlook.com> wrote:<br> > <br> > I am also thinking that Avi and I are not talking about the same cert. I am not using the signed cert from SW, but I am using a signed cert from an CA.<br> <br> We are talking about the same certificate, but perhaps I'm not being clear. :) <br> <br> There are two certificates at play here:<br> <br> 1. The CA's SSL certificate chain (which is "RHN-ORG-TRUSTED-SSL-CERT")<br> 2. The Spacewalk Server's certificate (which is "server.crt" in /root/ssl-build/<hostname>/<br> <br> When Spacewalk is installed using the default self-signed certificates, it first creates its own Certificate Authority (CA). In order for clients to validate certificates signed by this CA, you have to distribute the RHN-ORG-TRUSTED-SSL-CERT created by the installer to each client.<br> <br> Using the replacement procedure from our documentation, you replace the Spacewalk generated CA certificate with the full keychain provided by your CA. This keychain has a pretty long lifespan (usually about 10 years).<br> <br> Now, when you need to renew your Spacewalk Server certificate ("server.crt"), your CA is going to sign it with the *same* CA chain it used for the first one. Therefore, your clients do NOT need to be updated. They will continue to validate the renewed certificate installed on your Spacewalk Server with the existing RHN-ORG-TRUSTED-SSL-CERT you distributed initially.<br> <br> The only times you have to replace RHN-ORG-TRUSTED-SSL-CERT are:<br> <br> 1. If you change your CA, e.g. if you switch SSL certificate providers<br> 2. The CA certificate chain actually expires<br> <br> I hope that makes more sense!<br> <br> Thanks,<br> Avi<br> <br> --<br> Oracle <<a href="http://www.oracle.com" id="LPlnk373646" previewremoved="true">http://www.oracle.com</a>> <div id="LPBorder_GT_15075758631890.34423688297229704" style="margin-bottom: 20px; overflow: auto; width: 100%; text-indent: 0px;"> <table id="LPContainer_15075758631870.18719964765086883" role="presentation" cellspacing="0" style="width: 90%; background-color: rgb(255, 255, 255); position: relative; overflow: auto; padding-top: 20px; padding-bottom: 20px; margin-top: 20px; border-top: 1px dotted rgb(200, 200, 200); border-bottom: 1px dotted rgb(200, 200, 200);"> <tbody> <tr valign="top" style="border-spacing: 0px;"> <td id="TextCell_15075758631880.38148874772019226" colspan="2" style="vertical-align: top; position: relative; padding: 0px; display: table-cell;"> <div id="LPRemovePreviewContainer_15075758631880.9419820027577037"></div> <div id="LPTitle_15075758631880.18230100217612355" style="top: 0px; color: rgb(0, 120, 215); font-weight: normal; font-size: 21px; font-family: wf_segoe-ui_light, "Segoe UI Light", "Segoe WP Light", "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; line-height: 21px;"> <a id="LPUrlAnchor_15075758631880.3107965099615082" href="http://www.oracle.com/" target="_blank" style="text-decoration: none;">Oracle | Integrated Cloud Applications and Platform Services</a></div> <div id="LPMetadata_15075758631880.10329413771803919" style="margin: 10px 0px 16px; color: rgb(102, 102, 102); font-weight: normal; font-family: wf_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; font-size: 14px; line-height: 14px;"> www.oracle.com</div> <div id="LPDescription_15075758631890.21918706208912386" style="display: block; color: rgb(102, 102, 102); font-weight: normal; font-family: wf_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; font-size: 14px; line-height: 20px; max-height: 100px; overflow: hidden;"> Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.</div> </td> </tr> </tbody> </table> </div> <br> <br> Avi Miller | Product Management Director | +61 (3) 8616 3496<br> Oracle Linux and Virtualization<br> 417 St Kilda Road, Melbourne, Victoria 3004 Australia<br> <br> <br> _______________________________________________<br> Spacewalk-list mailing list<br> Spacewalk-list@redhat.com<br> <a href="https://www.redhat.com/mailman/listinfo/spacewalk-list" id="LPlnk943981" previewremoved="true">https://www.redhat.com/mailman/listinfo/spacewalk-list</a> <div id="LPBorder_GT_15075758918190.5494745475334963" style="margin-bottom: 20px; overflow: auto; width: 100%; text-indent: 0px;"> <table id="LPContainer_15075758918170.13984180716047656" role="presentation" cellspacing="0" style="width: 90%; background-color: rgb(255, 255, 255); position: relative; overflow: auto; padding-top: 20px; padding-bottom: 20px; margin-top: 20px; border-top: 1px dotted rgb(200, 200, 200); border-bottom: 1px dotted rgb(200, 200, 200);"> <tbody> <tr valign="top" style="border-spacing: 0px;"> <td id="TextCell_15075758918180.23652338233609105" colspan="2" style="vertical-align: top; position: relative; padding: 0px; display: table-cell;"> <div id="LPRemovePreviewContainer_15075758918180.48109133435908147"></div> <div id="LPTitle_15075758918180.7819538684247778" style="top: 0px; color: rgb(0, 120, 215); font-weight: normal; font-size: 21px; font-family: wf_segoe-ui_light, "Segoe UI Light", "Segoe WP Light", "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; line-height: 21px;"> <a id="LPUrlAnchor_15075758918180.7249344672287779" href="https://www.redhat.com/mailman/listinfo/spacewalk-list" target="_blank" style="text-decoration: none;">Spacewalk-list Info Page - Red Hat</a></div> <div id="LPMetadata_15075758918180.8585845188590358" style="margin: 10px 0px 16px; color: rgb(102, 102, 102); font-weight: normal; font-family: wf_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; font-size: 14px; line-height: 14px;"> www.redhat.com</div> <div id="LPDescription_15075758918190.9717993393974449" style="display: block; color: rgb(102, 102, 102); font-weight: normal; font-family: wf_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; font-size: 14px; line-height: 20px; max-height: 100px; overflow: hidden;"> Red Hat Linux is the centerpiece of a complete solution that includes software, support, training, and services. We feature a broad range of solutions to serve a ...</div> </td> </tr> </tbody> </table> </div> <br> <br> </div> </span></font></div> </div> </body> </html>