[Spacewalk-list] Satellite API, Ruby and an SSL Cert

Paul Robert Marino prmarino1 at gmail.com
Mon Apr 22 14:21:52 UTC 2013


This is a common problem.
By default Spacewalk uses a self-signed cert.
Technically self-signed certs are invalid because the authenticity of the
certificate or the host serving it can't be verified by a "trusted" third
party. There should be an option in whatever library (or gem as Ruby calls
them) to disable this check. Oftentimes there is a parameter like allow
insecure cert or disable certificate validation to work around this.

P.S. I put trusted in quotes because these third parties aren't always that
secure. My favorite example was when someone walked into Verisign's office,
showed no ID, said they were from Microsoft and had lost their root CA
cert and the password for it. Verisign gave them the cert and the password
lol.
http://news.cnet.com/2100-1001-254586.html




On Sat, Apr 20, 2013 at 1:01 PM, Mathew Snyder <mathew.snyder at gmail.com> wrote:

> I'm attempting to connect to the Satellite API with a very simple Ruby
> script. It is deliberately simple because I'm not only trying to learn
> Ruby, but also the Satellite API.
>
> Right now, my only goal is to be able to log in and maybe list users. The
> problem I'm encountering is that we use HTTPS with a self-signed
> certificate. I'm not sure how to incorporate that into the script so that I
> don't get `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server
> certificate B: certificate verify failed (OpenSSL::SSL::SSLError).
>
> I've read that using net/https within the Ruby script will allow me to
> either verify or not verify the certificate. However, I'm not sure how to
> then proceed using the session established in that step with my connection
> to Satellite.
>
> Is that the proper route or should I look at another? Perhaps getting the
> certificate on the server I'm running the script from and using that as a
> verification source.
>
> If anyone else has encountered this problem and found a solution I would
> really appreciate some help with it.
>
> Ideally I'd like to disable HTTPS since it is sitting on an internal
> network. The only incoming connections are from said internal network with
> outbound connections only being allowed to RHN. However, whenever I attempt
> to disable SSL it seems to break.
>
> -Mathew
>
> "When you do things right, people won't be sure you've done anything at
> all." - God; Futurama
>
> "We'll get along much better once you accept that you're wrong and
> neither am I." - Me
>
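
Added example, not part of the original thread: the alternative raised in the quoted question, using the server's own certificate as the verification source so that Net::HTTP keeps `VERIFY_PEER` on instead of disabling the check. The certificate is generated in-process as a constructed stand-in, and the host names and helper names (`make_self_signed`, `pinned_http`, `trusted_by?`) are assumptions.

```ruby
require 'net/http'
require 'openssl'
require 'tempfile'

# Constructed stand-in for the server's self-signed certificate, generated
# here so the example runs offline. Against a real server, save the server's
# certificate as a PEM file instead (obtained over a channel you trust).
def make_self_signed(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Net::HTTP client that trusts only the certificate(s) in ca_path.
# Nothing is sent until a request is made. With VERIFY_PEER, Net::HTTP also
# checks that the certificate name matches the host it connected to.
def pinned_http(host, ca_path, port = 443)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER # not VERIFY_NONE
  http.ca_file = ca_path
  http
end

# Same trust decision, offline: does cert chain to anything in ca_path?
def trusted_by?(cert, ca_path)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_path)
  store.verify(cert)
end

server = make_self_signed('satellite.example.com') # hypothetical host name
other = make_self_signed('other.example.com')      # a different self-signed cert
ca = Tempfile.new(['server-ca', '.pem'])
ca.write(server.to_pem)
ca.flush
http = pinned_http('satellite.example.com', ca.path)
puts "verify_mode is VERIFY_PEER: #{http.verify_mode == OpenSSL::SSL::VERIFY_PEER}"
puts "pinned certificate accepted: #{trusted_by?(server, ca.path)}"
puts "unknown self-signed certificate accepted: #{trusted_by?(other, ca.path)}"
```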