[Spacewalk-list] repos wrong SSL name ? [ SOLVED ]

Matthew Darcy MDarcy at sch-group.net
Tue May 24 10:44:50 UTC 2011 

For the record, this was my own stupidity.

I had updated the certificates, but not imported them into the spacewalk interface.

Sorry

Matt

________________________________
From: spacewalk-list-bounces at redhat.com [spacewalk-list-bounces at redhat.com] on behalf of Matthew Darcy [MDarcy at sch-group.net]
Sent: 24 May 2011 08:48
To: spacewalk-list at redhat.com
Subject: [Spacewalk-list] repos wrong SSL name ?

While playing around with spacewalk yesterday to try to resolve a DNS issue I appear to have broken my SSL certificate for my repos.

I've just built a test centos 5 machine from my spacewalk 1.4 Oracle server, great, not problems.

When I run a yum update on the client to test the functionality, I get a large trace from Python that basically says the hostname is wrong in the SSL certificate.

[M2Crypto.SSL.Checker.WrongHost: Peer certificate commonName does not match host, expected spacewalk01.sccis.net, got spacewalk01
[/quote]

to resolve this I used

 rhn-ssl-tool --gen-server --set-hostname="spacewalk01.sccis.net"
which should set the certificate to the correct FQDN I'm now using, it didn't work.

A little more research and I believe the Peer certificate is actually the CA, so to resolve this I did

rhn-ssl-tool --gen-ca --force --set-common-name="spacewalk01.sccis.net"
which replaced my existing CA with a new one with the correct common name, I then re-ran rhn-ssl-tool --gen-ca --force --set-common-name="spacewalk01.sccis.net" to get that created against the new CA.

all should be well.

Just kickstarted another test machine, tried to update and got the same error, still complaining about the common name being spacewalk01 rather than spacewalk01.sccis.net

Have I missed something ?

thanks,

Matt

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20110524/ce88b0c6/attachment.htm>

More information about the Spacewalk-list mailing list