[Spacewalk-list] Spacewalk Proxy 1.6 and non-self signed certificates
Scott Worthington
scott.c.worthington at gmail.com
Wed Dec 28 19:24:01 UTC 2011
On Wed, Dec 28, 2011 at 2:10 PM, Miroslav Suchy <msuchy at redhat.com> wrote:
> Dne 28.12.2011 17:50, Scott Worthington napsal(a):
>
>> I successfully followed (pardon the URL)...
>>
>> http://unfuckablelinux.com/2008/07/02/spacewalk-and-avoiding-self-signed-certificates/
>> ...to install a valid SSL certificate into Spacewalk. This server has
>
>
> This steps IMHO properly does not populate rhn-ca-openssl.cnf. And you have
> wrong filenames since, we assume clean use of rhn-ssl-tool.
>
>
>> been in production tracking 1.6-nightly and now 1.6-release since Sept
>> 2011, and it is working well.
>>
>> I am now creating a Spacewalk Proxy 1.6.
>>
>> When running the automation script 'configure-proxy.sh', you must copy
>> the the files three files RHN-ORG-PRIVATE-SSL-KEY,
>> RHN-ORG-TRUSTED-SSL-CERT, and rhn-ca-openssl.cnf from the main
>> Spacewalk server in /root/ssl-build.
>
>>
>> Because I am not using a self-signed SSL cert on the main Spacewalk
>> server, the script fails with:
>
> You have to copy that spacewalk-server:/root/ssl-build/spacewalk/server.key
> proxy:/root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY
> make sure that content of rhn-ca-openssl.cnf is sane and then run:
>
> configure-proxy.sh --force-own-ca
>
> Mirek
Thanks Mirek for the tip! I didn't find anything on the Spacewalk
Wiki about using own CA, and there is also a bug track about that no
documentation on --force-own-ca
(https://bugzilla.redhat.com/show_bug.cgi?id=729663).
I'll give your tips a try and report back.
Thanks,
ScottW
More information about the Spacewalk-list
mailing list