[Spacewalk-list] Satellite API, Ruby and an SSL Cert

Mathew Snyder mathew.snyder at gmail.com
Mon Apr 22 14:34:41 UTC 2013 

I am using xmlrpc/client and hadn't considered that it has an means of
turning the validation off. I've since found that and it works. Now to
figure out how to get past the 404 error.

Thanks!

-Mathew

"When you do things right, people won't be sure you've done anything at
all." - God; Futurama

"We'll get along much better once you accept that you're wrong and neither
am I." - Me


On Mon, Apr 22, 2013 at 3:21 PM, Paul Robert Marino <prmarino1 at gmail.com>wrote:

> This is a common problem
> by default Spacewalk uses a self signed CERT.
> Technically self signed certs are invalid because the authenticity of the
> certificate or the host serving it cant be verified by a "trusted" third
> party. There should be an option in whatever library (or gem as ruby calls
> them) to disable this check. Often times there is a parameter like allow
> insecure cert or disable certificate validation to work around this.
>
> P.S. I put trusted in quotes because these third parties aren't always
> that secure. My favorite example was when someone walked in to Verisign's
> office showed no ID, said they were from Microsoft and had lost the their
> root CA cert and the password for it. Verisign gave them the cert and the
> password lol.
> http://news.cnet.com/2100-1001-254586.html
>
>
>
>
> On Sat, Apr 20, 2013 at 1:01 PM, Mathew Snyder <mathew.snyder at gmail.com>wrote:
>
>> I'm attempting to connect to the Satellite API with a very simple Ruby
>> script. It is deliberately simple because I'm not only trying to learn
>> Ruby, but also the Satellite API.
>>
>> Right now, my only goal is to be able to log in and maybe list users. The
>> problem I'm encountering is that we use HTTPS with a self-signed
>> certificate. I'm not sure how to incorporate that into the script so that I
>> don't get `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server
>> certificate B: certificate verify failed (OpenSSL::SSL::SSLError).
>>
>> I've read that using net/https within the Ruby script will allow me to
>> either verify or not verify the certificate. However, I'm not sure how to
>> then proceed using the session established in that step with my connection
>> to Satellite.
>>
>> Is that the proper route or should I look at another? Perhaps getting the
>> certificate on the server I'm running the script from and using that as a
>> verification source.
>>
>> If anyone else has encountered this problem and found a solution I would
>> really appreciate some help with it.
>>
>> Ideally I'd like to disable HTTPS since it is sitting on an internal
>> network. The only incoming connections are from said internal network with
>> outbound connections only being allowed to RHN. However, whenever I attempt
>> to disable SSL it seems to break.
>>
>> -Mathew
>>
>> "When you do things right, people won't be sure you've done anything at
>> all." - God; Futurama
>>
>> "We'll get along much better once you accept that you're wrong and
>> neither am I." - Me
>>
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20130422/8bbaf959/attachment.htm>

More information about the Spacewalk-list mailing list