[Spacewalk-list] spacewalk-proxy

Baptiste AGASSE baptiste.agasse at lyra-network.com
Tue May 24 14:49:11 UTC 2011 

That's ok now,

when i've run ssldump, it says:
3 6  0.0224 (0.0004)  C>S  Alert
    level           fatal
    value           unknown_ca

the spacewalk server is a self signed cert and by default, configure-proxy.sh script specify RHN CA cert, i've replaced RHN CA by my spacewalk cert path like that :

CA Chain [/usr/share/rhn/RHNS-CA-CERT]: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

Sorry for the noise.

Regards.


Baptiste AGASSE
Lyra Network, Service Systèmes et Réseaux
Rue Carmin, BP 87350, 31673 Labège Cedex - France
Tél: (+33)5.67.22.31.87
Fax: (+33)5.67.22.31.61
Mail: baptiste.agasse at lyra-network.com
Site: http://www.lyra-network.com

----- Mail original -----
De: "Baptiste AGASSE" <baptiste.agasse at lyra-network.com>
À: spacewalk-list at redhat.com
Envoyé: Mardi 24 Mai 2011 15:56:18
Objet: Re: [Spacewalk-list] spacewalk-proxy

Yes, i've checked again, that's definitively the same cert
It use only 443 (i've specified that i want to use ssl) port for register proxy to spacewalk server ?
i can connect via telnet on following ports from my "future" spacewalk-proxy to spacewalk server, so it's not a filter problem :
80, 443 and 5269

Baptiste AGASSE
Lyra Network, Service Systèmes et Réseaux
Rue Carmin, BP 87350, 31673 Labège Cedex - France
Tél: (+33)5.67.22.31.87
Fax: (+33)5.67.22.31.61
Mail: baptiste.agasse at lyra-network.com
Site: http://www.lyra-network.com

----- Mail original -----
De: "Miroslav Suchy" <msuchy at redhat.com>
À: spacewalk-list at redhat.com
Envoyé: Mardi 24 Mai 2011 15:23:00
Objet: Re: [Spacewalk-list] spacewalk-proxy

Dne 24.5.2011 14:58, Baptiste AGASSE napsal(a):
>RHN Parent [spacewalk1.example.com]:
>CA Chain [/usr/share/rhn/RHNS-CA-CERT]:
...
> Country code []: FR
> Email [baptiste.agasse at lyra-network.com]:
> ERROR: failed SSL connection - bad or expired cert?
> Proxy activation failed! Installation interrupted.
> ERROR: failed SSL connection - bad or expired cert?

This definitelly looks on bad cert.

> and the certificate (/usr/share/rhn/RHNS-CA-CERT) is the cert of spacewalk1.example.com and is valid

So you are saying that there is no diff between 
/usr/share/rhn/RHNS-CA-CERT on spacewal2 and
http://spacewalk1.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT
? Can you please run diff on them once again?

Mirek

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list