[Spacewalk-list] SSL Errors When rhnreg_ks'ing
Wojtak, Greg
GregWojtak at quickenloans.com
Fri Jul 29 16:35:26 UTC 2011
All our servers are in sync with each other. The good news is, I kept
hacking around and got it working. The solution was ridiculously simple:
1) cd /root/ssl-build
2) cp server.crt /etc/pki/tls/certs
3) cp server.key /etc/pki/tls/private
4) service httpd reload
5) profit
So now I am able to register clients over https and have their
communications working properly.
Is there a document that shows how to use a purchased certificate (or in
our case, our
own CA) to properly create the httpd and jabber certs as well as setting
up the CA
cert on the clients?
Thanks!
Greg
On 2011-07-29 11:51 AM, "Jan Pazdziora" <jpazdziora at redhat.com> wrote:
>On Thu, Jul 28, 2011 at 05:17:31PM -0400, Wojtak, Greg wrote:
>> I started playing around with provisioning today and got to the point
>> where I can get a system kickstarted, but it is not showing up in
>> spacewalk afterwards as a registered system. Looking through the
>> kickstart, I finally tracked it down to an SSL issue when running
>> rhnreg_ks:
>>
>> [root at localhost rhn]# rhnreg_ks --serverUrl=https://spacewalk/XMLRPC
>> <https://ql2spacewalk1/XMLRPC>
>> --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>> --activationkey=1-eab559ea4aaccb6911f1f0bf8e1ff973,1-centos-6-x86_64
>> An error has occurred:
>> <class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>
>> See /var/log/up2date for more information
>>
>> This hasn't been in issue in the past because when we register systems
>> manually, we've always done so with http (no SSL). I was running apache
>> httpd with an SSL cert generated from our internal PKI infrastructure,
>>so
>> I replaced that with the cert created by the spacewalk installer. I
>>still
>> get the same error.
>
>Is the time on the client and on the server in sync?
>
>--
>Jan Pazdziora
>Principal Software Engineer, Satellite Engineering, Red Hat
>
>_______________________________________________
>Spacewalk-list mailing list
>Spacewalk-list at redhat.com
>https://www.redhat.com/mailman/listinfo/spacewalk-list
More information about the Spacewalk-list
mailing list