[Spacewalk-list] IPSCA SSL Certificate installation on .6?
Greg Fuller
gregory.fuller at oswego.edu
Wed Sep 9 14:03:49 UTC 2009
I have a valid SSL certificate created from a trusted CA
(certs.ipsca.com -- .EDU's get free certs from there). I'm trying to
install this SSL certificate into spacewalk .6. Basically, all I'm
looking to do is to use the trusted SSL cert for the web interfaces of
spacewalk so we don't get the error from IE or Firefox saying the
certificate is not valid (the default self-signed one).
The only instructions I've found on how to do this is at this site:
http://www.unf**kablelinux.com/2008/07/spacewalk-and-avoiding-self-signe
d-certificates/
(replace the *'s to get the real URL -- I wanted the message to make it
past spam filters!)
I've followed those directions step by step and I can get our issued
IPSCA certificate to show up in the web browser, but the browser still
states it is not a trusted authority (IPSCA *IS* in the IE and Firefox
trusted authorities).
I'm still able to login to the web interface, but I did get errors when
restarted spacewalk:
Starting osa-dispatcher: RHN 26627 2009/09/09 09:45:38 -04:00:
('Traceback caught:',)
RHN 26627 2009/09/09 09:45:38 -04:00: ('Traceback (most recent call
last):\n File "/usr/share/rhn/osad/jabber_lib.py", line 617, in
connect\n ssl.do_handshake()\nError: [(\'SSL routines\',
\'SSL3_GET_SERVER_CERTIFICATE\', \'certificate verify failed\')]\n',)
[FAILED]
I get the following that shows up in my syslogs during startup of
spacewalk:
Sep 9 09:45:38 spacewalk-prod-01 jabberd/c2s[26522]: [7] [127.0.0.1,
port=52800] error: SSL handshake error (error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca)
Any idea what might be going on? I've already installed the trusted CA
and intermediate certs per the directions on that site above.
--greg
Gregory A. Fuller - CCNA
Network Manager
State University of New York at Oswego
Phone: (315) 312-5750
http://www.oswego.edu/~gfuller
More information about the Spacewalk-list
mailing list