[Spacewalk-list] Spacewalk Proxy 1.6 and non-self signed certificates
Miroslav Suchy
msuchy at redhat.com
Wed Dec 28 19:10:16 UTC 2011
Dne 28.12.2011 17:50, Scott Worthington napsal(a):
> I successfully followed (pardon the URL)...
> http://unfuckablelinux.com/2008/07/02/spacewalk-and-avoiding-self-signed-certificates/
> ...to install a valid SSL certificate into Spacewalk. This server has
This steps IMHO properly does not populate rhn-ca-openssl.cnf. And you
have wrong filenames since, we assume clean use of rhn-ssl-tool.
> been in production tracking 1.6-nightly and now 1.6-release since Sept
> 2011, and it is working well.
>
> I am now creating a Spacewalk Proxy 1.6.
>
> When running the automation script 'configure-proxy.sh', you must copy
> the the files three files RHN-ORG-PRIVATE-SSL-KEY,
> RHN-ORG-TRUSTED-SSL-CERT, and rhn-ca-openssl.cnf from the main
> Spacewalk server in /root/ssl-build.
>
> Because I am not using a self-signed SSL cert on the main Spacewalk
> server, the script fails with:
You have to copy that
spacewalk-server:/root/ssl-build/spacewalk/server.key
proxy:/root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY
make sure that content of rhn-ca-openssl.cnf is sane and then run:
configure-proxy.sh --force-own-ca
Mirek
More information about the Spacewalk-list
mailing list