[Pulp-list] Qpid SSL on Pulp 2.4

Brian Bouterse bbouters at redhat.com
Fri Oct 24 19:22:08 UTC 2014


By using the pulp-qpid-ssl-cfg and using your own CA and key, it then used the CA to create a certificate for the broker and the client, and it also adds them to an NSS database.

Interestingly, your server.conf doesn't specify the same CA you told pulp-qpid-ssl-cfg to use. I expected cacert to be /etc/pki/pulp_certs/pulpca.crt for both the [messaging] and [tasks] sections. Any changes to that file require a restart of all the services. What does that do?

As another thing to try, could you try having the script generate its own CA and use the recommended settings it provides? You could give it a different root folder so you could have the certs side-by-side in the filesystem. This would let us troubleshoot from a known working state, with SSL working, just not with a cert you provide. Just a thought about how we can eliminate all other concerns besides a cert that you are providing.

-Brian


----- Original Message -----
> From: "Randy Barlow" <rbarlow at redhat.com>
> To: "Jeff Ortel" <jortel at redhat.com>, pulp-list at redhat.com
> Sent: Friday, October 24, 2014 2:55:00 PM
> Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4
> 
> On 10/24/2014 02:40 PM, Ashby, Jason (IMS) wrote:
> > Those certs are the ones generated by /usr/bin/pulp-qpid-ssl-cfg.  I
> > accepted the defaults for that script, except for the CA cert and key
> > which I supplied with:
> > 
> > Please specify a CA.  Generated if not specified.
> >   Enter a path: /etc/pki/pulp_certs/pulpca.crt
> > 
> > Please specify the CA key
> >   Enter a path: /etc/pki/pulp_certs/pulpca.key
> > 
> > Does that answer your questions?
> 
> I'm not familiar with pulp-qpid-ssl-cfg myself. Jeff, do you know if
> this is correct?
> 
> 
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
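
The consistency check raised in the reply above, as an added example that is not part of the original thread or of Pulp's own code: it parses a server.conf and reports each of the [messaging] and [tasks] sections whose cacert is not the CA that was given to pulp-qpid-ssl-cfg. The sample file contents, the placeholder second CA path and the function name `check_cacert` are constructed for illustration.

```python
import configparser
import posixpath

# Constructed sample, not the poster's real file: [messaging] points at the
# supplied CA while [tasks] points at a placeholder path for some other CA.
SAMPLE_SERVER_CONF = """\
[messaging]
cacert: /etc/pki/pulp_certs/pulpca.crt

[tasks]
cacert: /path/to/other-ca.crt
"""

# Sections the reply expects to carry the same cacert value.
SECTIONS = ("messaging", "tasks")


def check_cacert(conf_text, expected_ca, sections=SECTIONS):
    """Return {section: problem} for each section whose cacert is not expected_ca."""
    # interpolation=None so a literal '%' in a value cannot raise an error.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    want = posixpath.normpath(expected_ca)
    problems = {}
    for section in sections:
        if not parser.has_section(section):
            problems[section] = "section missing"
            continue
        value = parser.get(section, "cacert", fallback=None)
        if not value or not value.strip():
            # A commented-out or empty key means the service falls back to
            # whatever its default is, which is also worth flagging.
            problems[section] = "cacert not set"
        elif posixpath.normpath(value.strip()) != want:
            problems[section] = "cacert is %s" % value.strip()
    return problems


if __name__ == "__main__":
    found = check_cacert(SAMPLE_SERVER_CONF, "/etc/pki/pulp_certs/pulpca.crt")
    for section, problem in found.items():
        print("[%s] %s" % (section, problem))
```

An empty result means both sections name the expected CA file; it does not show that the broker and client certificates were actually signed by that CA.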



