[Spacewalk-list] osad not working with Spacewalk proxy server

Wojtak, Greg (Superfly) GregWojtak at quickenloans.com
Fri Feb 17 20:11:08 UTC 2012


server.pem and RHN-ORG-TRUSTED-SSL-CERT are two different things.

server.pem is for jabberd.  The CN in server.pem should be your Spacewalk
proxy's FQDN.  RHN-ORG-TRUSTED-SSL-CERT should be identical to your
non-proxied clients' (at least it is in our environment).  Double check
that the <id></id> fields in /etc/jabberd/c2s.xml match the CN in the
server.pem.  You can check the CN in server.pem by running

openssl x509 -text < /etc/jabberd/server.pem

On 2012-02-17 2:48 PM, "Sean Carolan" <scarolan at gmail.com> wrote:

>On Thu, Feb 16, 2012 at 4:53 PM, Jeremy Davis <jdavis4102 at gmail.com> wrote:
>> If a server is connecting to a Spacewalk Proxy server you will need to use
>> the SSL Cert that was generated for that proxy server. This Cert will be in
>> the same location as the app server but on the proxy server.
>
>How is /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT supposed to be created
>on the proxy machine?  On most of our "normal" client servers, we
>simply use wget to pull this file so that OSAD will work.  But if the
>proxy server is supposed to have a different cert in this location,
>how does it get created?  Here's what happens if I try to configure
>the proxy without this file in place:
>
>[root@spacewalkproxy01 ~]# configure-proxy.sh
>RHN Parent [spacewalk02.company.com]:
>CA Chain [/usr/share/rhn/RHNS-CA-CERT]:
>/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>Error: File /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT is not readable by
>nobody user.
>
>Forgive me for all the noob questions; I'm still learning how all this
>stuff fits together.  The documentation on the SSL setup is a bit
>thin...
>
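
An added example, not part of the original messages or of Spacewalk: the check described in the reply above (the CN in server.pem against the <id> entries in c2s.xml), scripted. It assumes the host ids are the <id> elements under <local>, that the openssl CLI is installed, and the function names and sample XML are constructed for illustration.

```python
import subprocess
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread: an <id> left at a default value.
SAMPLE_C2S = """<c2s>
  <id>c2s</id>
  <local>
    <!-- <id>old.example.com</id> -->
    <id register-enable='true'
        pemfile='/etc/jabberd/server.pem'>localhost.localdomain</id>
  </local>
</c2s>"""


def cn_from_subject(line):
    """Return the CN from 'subject=CN=host,O=Org,C=US' (RFC 2253 form), or None."""
    dn = line.strip()
    if dn.startswith("subject="):
        dn = dn[len("subject="):]
    for rdn in dn.split(","):  # hostnames contain no escaped commas
        key, _, value = rdn.strip().partition("=")
        if key.upper() == "CN":
            return value
    return None


def cert_cn(pem_path):
    """Ask the openssl CLI for the subject of the certificate in pem_path."""
    cmd = ["openssl", "x509", "-noout", "-subject", "-nameopt", "RFC2253", "-in", pem_path]
    return cn_from_subject(subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)


def local_ids(c2s_xml):
    """Text of each <id> under <local> (assumed layout); XML comments are ignored."""
    return [(el.text or "").strip() for el in ET.fromstring(c2s_xml).findall("./local/id")]


def mismatched_ids(cn, ids):
    """Ids that differ from the certificate CN, compared case-insensitively."""
    return [i for i in ids if i.lower() != (cn or "").lower()]


if __name__ == "__main__":
    pem = sys.argv[1] if len(sys.argv) > 1 else "/etc/jabberd/server.pem"
    conf = sys.argv[2] if len(sys.argv) > 2 else "/etc/jabberd/c2s.xml"
    cn = cert_cn(pem)
    with open(conf, "rb") as fh:
        ids = local_ids(fh.read())
    bad = mismatched_ids(cn, ids)
    print("certificate CN:", cn, "| c2s.xml ids:", ids, "| mismatched:", bad)
    sys.exit(1 if bad or not ids else 0)
```

The script exits non-zero when any id under <local> differs from the certificate CN or when no id is found.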
