[Spacewalk-list] osad not working with Spacewalk proxy server

Sean Carolan scarolan at gmail.com
Fri Feb 17 22:03:02 UTC 2012


On Fri, Feb 17, 2012 at 2:11 PM, Wojtak, Greg (Superfly)
<GregWojtak at quickenloans.com> wrote:
> server.pem and RHN-ORG-TRUSTED-SSL-CERT are two different things.
>
> server.pem is for jabberd.  The CN in server.pem should be your spacewalk
> proxy's fqdn.  RHN-ORG-TRUSTED-SSL-CERT should be identical to your
> non-proxied clients' (at least it is in our environment).  Double check
> that the <id></id> fields in /etc/jabberd/c2s.xml match the CN in the
> server.pem.  You can check the CN in server.pem by running
>
> openssl x509 -text < /etc/jabberd/server.pem


w00t - I got it working!  The fix in case anyone runs into something similar:

1.  Stop the rhn-proxy services
2.  Wipe clean the contents of /root/ssl-build on the proxy server
3.  Remove all spacewalk-proxy* packages from the system
4.  Delete /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT on the proxy server
if it still exists
5.  Reinstall the proxy server: yum install spacewalk-proxy-installer
6.  Run "configure-proxy.sh".  It will fail the first time asking you
to scp your cert, key and config file over like so:
 scp 'root@spacewalk02.company.com:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' /root/ssl-build
7.  Run "configure-proxy.sh" again, this time it will complete and ask
you for your SSL passphrase.  Once this completes successfully it
should work!
8.  Test a client by registering it with the proxy, and then starting
up osad.  It should start showing up with "Online as of $DATE" in the
GUI.

I believe #6 and #7 are where I was failing the first few tries.  There
were multiple certs in the /root/ssl-build directory, and I had
forgotten the ssl cert passphrase.  Fortunately I managed to get rid
of the unnecessary certs, and dig up the passphrase for the real
certificate.

Thanks Greg and Jeremy for the helpful suggestions.
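
Added example (not part of the original thread, and not Spacewalk's own tooling): a shell version of the check Greg describes, comparing the CN in /etc/jabberd/server.pem with the <id> in /etc/jabberd/c2s.xml. It assumes the host <id> sits on one line inside the <local> section of c2s.xml (the top-level <id>c2s</id> component name is skipped); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does the jabberd certificate CN match the <id> in c2s.xml?

# Print the CN from an RFC 2253 subject line such as
# "subject=CN=proxy.example.com,O=Example,C=US"
# (older openssl builds print a space after "subject=").
cn_from_subject() {
    printf '%s\n' "$1" | sed -e 's/^subject= *//' | tr ',' '\n' |
        sed -n 's/^ *CN=//p' | head -n 1
}

# Print the CN of the first certificate in a PEM file.
cert_cn() {
    cn_from_subject "$(openssl x509 -noout -subject -nameopt RFC2253 -in "$1")"
}

# Print each <id> value found inside the <local> section of c2s.xml.
# Assumption: one <id ...>host</id> element per line.
c2s_local_ids() {
    awk '/<local>/   { in_local = 1 }
         /<\/local>/ { in_local = 0 }
         in_local && /<id[ >]/ {
             line = $0
             sub(/.*<id[^>]*>/, "", line)   # drop everything up to the open tag
             sub(/<\/id>.*/, "", line)      # drop the close tag and the rest
             print line
         }' "$1"
}

# usage: check_jabberd_id <cn> <c2s.xml>
# Returns 0 if the CN equals one of the <local> ids (case-insensitive), else 1.
check_jabberd_id() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    [ -n "$want" ] || return 1          # an empty CN never matches
    for id in $(c2s_local_ids "$2" | tr 'A-Z' 'a-z'); do
        [ "$id" = "$want" ] && return 0
    done
    return 1
}

# Command-line use on a proxy (paths from the thread):
#   sh check.sh /etc/jabberd/server.pem /etc/jabberd/c2s.xml
if [ "$#" -eq 2 ]; then
    cn=$(cert_cn "$1")
    check_jabberd_id "$cn" "$2" && echo "match: $cn" || { echo "MISMATCH: $cn"; exit 1; }
fi
```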



