[rhn-users] SSL problem on satellite server

Lazarev, Roman Roman.Lazarev at FMR.COM
Wed Feb 8 14:21:07 UTC 2006 

If you're using the best browser in the universe - Internet Explorer -
go to Internet Options -> Content -> Certificates and whack the old cert
to check Cliff's theory.

PS: now please someone start the flame about browsers.

Roman Lazarev
Fidelity Investment Management Technology
245 Summer Street V2E
Boston, MA 02210
(617) 563-1173


-----Original Message-----
From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
On Behalf Of Clifford Perry
Sent: Wednesday, February 08, 2006 9:08 AM
To: Nick Bruton; Red Hat Network Users List
Subject: Re: [rhn-users] SSL problem on satellite server


RHN Satellite at install time by default generates self signed Apache 
SSL Certificates, these certificates work fine for SSL communication to 
the Satellite. Since the certificate has not been signed by a known 
Certificate Authority (such as Verisign, etc) your web browser notices 
this and lets you know. Now in the case of version 4 - I assume you are 
talking about Satellite version 4 (and plan to migrate from one version 
to another) - when you installed satellite 4 - you again generated a new

set of SSL certificates. I expect what is happening is that the SSL 
certificate authority is stated as being the same (but have different 
signatures) - you web browser says, hey - this second CA has the exact 
same name as the other, yet you have already told me that the other is 
valid and to proceed, and thus this second instance must be bogus - I 
wont let you connect.

Typically the way to get about this is to only accept the CA for the 
current session only, then if/when you switch between Satellites to shut

the web browser down and bring it back up again.

Cliff.

Nick Bruton wrote:

> Hi,
>
> Sometime recently something has changed and now if I try to connect to

> my satellite server I get the following error ....
>
> The security certificate was issued by a company you have not chosen 
> to trust. View the certificate to determine whether you want to trust 
> the certifyinf authority.
>
> OK I can say yes and it will login BUT if I try to re-setup a version 
> 4 system it can't do the final but of the set-up cos the certificate 
> is invalid
>
> Can anyone offer any useful advice?
>
> Thanks Nick
>
>
------------------------------------------------------------------------
---- 
>
> Nick Bruton                                          PADI Divemaster 
> #624215
> University of Bristol                                Yamaha YZF R1
> Computing Service
> Tyndall Avenue
> Bristol BS8 1UD
> Tel: 0117 9288193
>
> Team email: isys-srct at bris.ac.uk
>
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users


_______________________________________________
rhn-users mailing list
rhn-users at redhat.com
https://www.redhat.com/mailman/listinfo/rhn-users

More information about the rhn-users mailing list