[Spacewalk-list] Spacewalk certificate

Gerald Vogt vogt at spamcop.net
Fri May 10 05:21:10 UTC 2013


On 09.05.2013 23:47, Benedetto Vassallo wrote:
> 1) Is it possible to use the same certificate inside spacewalk (e.g.
> osad)? If yes, how can I generate a certificate like
> RHN-ORG-TRUSTED-SSL-CERT starting from my .pem files?

a. You should not confuse server and client sides.
b. Remember that all certificate paths can be configured, i.e. the
certificate chain checked is not necessarily in RHN-ORG-TRUSTED-SSL-CERT.
c. The whole purpose of the certificate chain on the client is to verify
the server, i.e. it must match.
d. The certificate chain is simply a collection of all CAs in the chain
from the server certificate to the root. If you have your own
self-signed CA to issue certificates, it would be only this CA cert.

> 2) If it is not possible, is it safe to use my certificate in apache
> ssl.conf and the original RHN-ORG-TRUSTED-SSL-CERT inside spacewalk, or
> can I break something with this?

It may be possible (although I hope it's not, but I haven't tried).
IMHO, this kind of setup would defy the whole purpose of the
certificates: The client would not be able to verify the server...

-Gerald
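
Added example, not part of the original message: a shell check of points c and d, showing that a client trust file such as RHN-ORG-TRUSTED-SSL-CERT verifies the server only when it holds every CA from the server certificate up to the root. The CA names, the host name spacewalk.example.test and all file names are assumptions constructed for the demo, and it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example: every key, certificate and name here is throwaway sample
# data constructed by the script; nothing comes from a real Spacewalk host.

# chain_matches CA_FILE CERT: succeed only if CERT verifies against the CA
# certificates in CA_FILE (the role the client-side trust file plays).
chain_matches() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_root NAME: self-signed CA in $d/NAME.crt (CA:TRUE from demo.cnf).
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -config "$d/demo.cnf" -extensions ca_ext \
        -keyout "$d/$1.key" -out "$d/$1.crt" 2>/dev/null
}

# issue ISSUER NAME [ca]: certificate for NAME signed by ISSUER; a third
# argument "ca" makes NAME an intermediate CA.
issue() {
    ext=""
    if [ "${3:-}" = ca ]; then ext="-extfile $d/demo.cnf -extensions ca_ext"; fi
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" -config "$d/demo.cnf" \
        -keyout "$d/$2.key" -out "$d/$2.csr" 2>/dev/null || return 1
    # $ext is intentionally unquoted so it splits into separate options.
    openssl x509 -req -in "$d/$2.csr" -CA "$d/$1.crt" -CAkey "$d/$1.key" \
        -set_serial 1 -days 1 $ext -out "$d/$2.crt" 2>/dev/null
}

d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
# Minimal config so the demo does not depend on the system openssl.cnf.
printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' '[dn]' \
    'CN = unused' '[ca_ext]' 'basicConstraints = critical,CA:TRUE' > "$d/demo.cnf"

make_root org-root                             # the organisation's own root CA
issue org-root org-intermediate ca             # issuing CA below the root
issue org-intermediate spacewalk.example.test  # server certificate for Apache
make_root other-root                           # unrelated CA, like a leftover trust file
cat "$d/org-intermediate.crt" "$d/org-root.crt" > "$d/full-chain.pem"

for ca in full-chain.pem org-root.crt other-root.crt; do
    if chain_matches "$d/$ca" "$d/spacewalk.example.test.crt"
    then echo "$ca: server verified"
    else echo "$ca: server NOT verified"
    fi
done
```

Only full-chain.pem verifies the server: the root alone lacks the intermediate, and the unrelated CA is the mismatch described in the answer to question 2. The check covers the chain only, not the host name in the certificate.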



