[Pulp-list] My Failed PULP setup aka SSL Errors

Randy Barlow rbarlow at redhat.com
Fri Oct 31 13:37:42 UTC 2014

On 10/31/2014 02:39 AM, Gavin Jones wrote:
> Hey Randy,
>       Thanks for your reply, yes you have some good points.
> openssl x509 -in rootca.crt -noout -text  | grep -i   Version:
>         Version: 3 (0x2)
> openssl x509 -in pulp01.rap.local.crt -noout -text | grep -i   Version:
>         Version: 1 (0x0)
> openssl x509 -in pulpca.crt -noout -text | grep -i   Version:
>         Version: 3 (0x2)
> This step: openssl x509 -req -days 3650 -CA pulpca.crt -CAkey pulpca.key
> -set_serial 01 -in pulp01.rap.local.csr -out pulp01.rap.local.crt
> produces an SSLv1 Cert NOT an SSLv3 Cert...need to modify this somehow...

This all looks OK - the httpd certificate does not need to be a v3
certificate (and should not be a CA certificate).

> vim /etc/httpd/conf.d/ssl.conf
> SSLCertificateFile /etc/pki/pulp_certs/pulpca.crt
> SSLCertificateKeyFile /etc/pki/pulp_certs/pulpca.key
> SSLCACertificateFile /etc/pki/pulp_certs/pulpca_chain.crt

I mentioned in my other e-mail that the SSLCACertificateFile needs to be
unchanged because it's also set in pulp.conf to the correct value. Also,
you shouldn't use your CA for the certificate and certificate key -
those need to be that v1 certificate.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20141031/2704bf7c/attachment.sig>

More information about the Pulp-list mailing list