[Pulp-list] My Failed PULP setup aka SSL Errors
Randy Barlow
rbarlow at redhat.com
Fri Oct 31 13:37:42 UTC 2014
On 10/31/2014 02:39 AM, Gavin Jones wrote:
> Hey Randy,
> Thanks for your reply, yes you have some good points.
>
> openssl x509 -in rootca.crt -noout -text | grep -i Version:
> Version: 3 (0x2)
> openssl x509 -in pulp01.rap.local.crt -noout -text | grep -i Version:
> Version: 1 (0x0)
>
> openssl x509 -in pulpca.crt -noout -text | grep -i Version:
> Version: 3 (0x2)
> This step: openssl x509 -req -days 3650 -CA pulpca.crt -CAkey pulpca.key
> -set_serial 01 -in pulp01.rap.local.csr -out pulp01.rap.local.crt
> produces an SSLv1 Cert NOT an SSLv3 Cert...need to modify this somehow...
This all looks OK - the httpd certificate does not need to be a v3
certificate (and should not be a CA certificate).
> vim /etc/httpd/conf.d/ssl.conf
>
> SSLCertificateFile /etc/pki/pulp_certs/pulpca.crt
> SSLCertificateKeyFile /etc/pki/pulp_certs/pulpca.key
> SSLCACertificateFile /etc/pki/pulp_certs/pulpca_chain.crt
I mentioned in my other e-mail that the SSLCACertificateFile needs to be
unchanged because it's also set in pulp.conf to the correct value. Also,
you shouldn't use your CA for the certificate and certificate key -
those need to be that v1 certificate.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20141031/2704bf7c/attachment.sig>
More information about the Pulp-list
mailing list