[Spacewalk-list] osad not working with Spacewalk proxy server

Sean Carolan scarolan at gmail.com
Fri Feb 17 19:39:23 UTC 2012 

So I wonder why the certificate is being generated with the wrong
name?  It contains the name of the upstream Spacewalk server, instead
of it's own hostname.  Is there something wrong with the data in my
answers file?

Incidentally I noticed that jabber seems to use a different SSL
certificate; in /etc/jabber/c2s.xml the pemfile is listed as
/etc/jabberd/server.pem, which is a symlink:

[root at spacewalkproxy01 log]# ls -l /etc/jabberd/server.pem
lrwxrwxrwx 1 root root 37 Feb 17 16:08 /etc/jabberd/server.pem ->
/etc/pki/spacewalk/jabberd/server.pem

Should I be doing anything with this pem file?  Which one is OSAD using for SSL?






On Fri, Feb 17, 2012 at 1:17 PM, Jeremy Davis <jdavis4102 at gmail.com> wrote:
> Yes the CN needs to be that of the proxy server that is listed in
> /etc/sysconfig/rhn/up2date file. This Cert should be at location
> http://spacewalkproxy01.dc.company.com/pub/RHN-ORG-TRUSTED-SSL-CERT
>
>
>
> On 02/17/2012 09:18 AM, Sean Carolan wrote:
>>
>> On Thu, Feb 16, 2012 at 6:47 PM, Jeremy Davis<jdavis4102 at gmail.com>
>>  wrote:
>>>
>>> Yes, that is the correct cert. You also need to make sure you download
>>> that
>>> cert to the client and change the /etc/sysconfig/rhn/osad.conf to point
>>> to
>>> that downloaded cert from the proxy server.
>>
>> Ok, so here are the troubleshooting steps I've taken.
>> *  Stop the proxy services
>> *  Moved /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT to
>> RHN-ORG-TRUSTED-SSL-CERT.backup
>> *  Re-ran configure-proxy.sh using the following answers file (names
>> changed to protect the innocent):
>>
>> VERSION="1.6"
>> RHN_PARENT="spacewalk02.company.com"
>> TRACEBACK_EMAIL="admins at company.com"
>> USE_SSL="Y"
>> CA_CHAIN="/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT"
>> HTTP_PROXY=
>> SSL_ORG="Some obscure gaming company"
>> SSL_ORGUNIT="spacewalkproxy01.dc.company.com"
>> SSL_COMMON="spacewalkproxy01.dc.company.com"
>> SSL_CITY="Austin"
>> SSL_STATE="Texas"
>> SSL_COUNTRY="US"
>> SSL_EMAIL="admins at company.com"
>> INSTALL_MONITORING="n"
>> POPULATE_CONFIG_CHANNEL="n"
>>
>> A brand-spanking new cert was created in /var/www/html/pub, but the OU
>> and CN in the certificate are for RHN_PARENT, or
>> spacewalk02.company.com which is the main app server.  Should this be
>> "spacewalkproxy01.dc.company.com" instead?  My theory is that the ssl
>> cert may be failing because it has the wrong name in it...
>>
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>
>
> --
> Thank you,
>
> Jeremy Davis, GCIH
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list