[Spacewalk-list] OSAD failing with 'certificate verify failed' but rhn_check etc running...

Justin Edmands shockwavecs at gmail.com
Sun May 5 16:52:44 UTC 2013 

Your RHN SSL cert is most likely incorrect or your up2date config file is pointing to the wrong place. Always use FQDN with spacewalk/jabber/osad. Have you ever changed spacewalk servers, hostnames, sub domains, or anything similar? Grab your client and server certs and run a diff. Lastly make sure your /etc/sysconfig/rhn/up2date config file is pointing to the correct server and that server has the same cert file as previously mentioned.

--

Justin Edmands
Shockwavecs at gmail.com

On May 5, 2013, at 9:19 AM, Jonathan Hoser <jonathan.hoser at helmholtz-muenchen.de> wrote:

> Dear all,
> 
> once again I stumbled upon something in *some* of my systems that I
> cannot explain:
> 
> On some (mind you not all, it seems like restricted to the newest
> multi-core systems),
> I face the issue that I can't get OSAD to run.
> 
> It will fail with:
> [root at box ~]# osad -N -v -v -v -v
> 2013-05-05 15:13:24 osad._setup_config: Updating configuration
> 2013-05-05 15:13:25 osad._setup_config: Time drift -6
> 2013-05-05 15:13:25 osad._setup_config: Client name 64ca83fc9f2aebc1
> 2013-05-05 15:13:25 osad._setup_config: Shared key
> 1b751ed386bb3dd21fd0507d4f6ba80a69f50e23
> 2013-05-05 15:13:25 jabber_lib.setup_connection: Connecting to
> spacewalk.helmholtz-muenchen.de
> 2013-05-05 15:13:25 jabber_lib._get_jabber_client:
> 2013-05-05 15:13:25 jabber_lib._get_jabber_client: Connecting to
> spacewalk.helmholtz-muenchen.de
> 2013-05-05 15:13:25 jabber_lib.__init__:
> 2013-05-05 15:13:25 jabber_lib.__init__:
> 2013-05-05 15:13:25 jabber_lib.check_cert: Loading cert <X509Name object
> '/C=DE/ST=BY/L=Neuherberg/O=Helmholtz Zentrum Muenchen
> GmbH/OU=IBIS/CN=IBIS-Spacewalk/emailAddress=jonathan.hoser[ATAT]helmholtz-muenchen.de'>
> 2013-05-05 15:13:25 jabber_lib.connect:
> 2013-05-05 15:13:25 jabber_lib.process: 300
> 2013-05-05 15:13:25 jabber_lib.process: None
> 2013-05-05 15:13:25 jabber_lib.connect: Preparing for TLS handshake
> Traceback caught:
> Traceback (most recent call last):
>  File "/usr/share/rhn/osad/jabber_lib.py", line 616, in connect
>    ssl.do_handshake()
> Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate
> verify failed')]
> 
> (only changed my email from the X509 line above)
> 
> While the certificate itself (I think)
> DOES work, since yum, rhn_check etc. do not complain at all.
> If I really screw up with the certs (ie Server updates Cert but not
> updated on client) these don't work either -
> from my experience.
> 
> Anyone got an idea what might be going on?
> 
> Best
> -Jonathan
> 
> --
> Jonathan Hoser, M.Sc.
> Institute of Bioinformatics and System Biology
> 
> WWW: http://mips.helmholtz-muenchen.de
> 
> 
> Helmholtz Zentrum München
> Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH)
> Ingolstädter Landstr. 1
> 85764 Neuherberg
> www.helmholtz-muenchen.de
> Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe
> Geschäftsführer: Prof. Dr. Günther Wess und Dr. Nikolaus Blum
> Registergericht: Amtsgericht München HRB 6466
> USt-IdNr: DE 129521671
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list