[Spacewalk-list] Spacewalk certificate
Benedetto Vassallo
benedetto.vassallo at unipa.it
Fri May 10 20:45:20 UTC 2013
Def. Quota Gerald Vogt <vogt at spamcop.net>:
> On 09.05.2013 23:47, Benedetto Vassallo wrote:
>> 1) Is it possible to use the same certificate inside spacewalk (e.g.
>> osad)? If yes, how I can generate a certificate like
>> RHN-ORG-TRUSTED-SSl-CERT starting from my .pem files?
>
> a. you should not confuse server and client sides.
> b. remember all certificate paths can be configured, i.e. the
> certificate chain checked is not necessarily in RHN-ORG-TRUSTED-SSl-CERT
> c. The whole purpose of the certificate chain on the client is to verify
> the server, i.e. it must match.
> d. The certificate chain is simply a collection of all CA in the chain
> from the server certificate to the root. If you have your own
> self-signed CA to issue certificates it would be only this CA cert.
>
>> 2) If is not possible, is it safe to use my certificate in apache
>> ssl.conf and the original RHN-ORG-TRUSTED-SSl-CERT inside spacewalk or I
>> can broken something with this?
>
> It may be possible (although I hope it's not. but I haven't tried).
> IMHO, this kind of setup would defy the whole purpose of the
> certificates: The client would not be able to verify the server...
>
> -Gerald
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
Thank you all for the replies.
I realize maybe it's better if I don't touch anything if I don't
really know what I'm doing.
Best regards.
--
Benedetto Vassallo
Sistema Informativo di Ateneo
Settore Gestione Reti Hardware e Software
U.O.B. Sviluppo e manutenzione dei sistemi
Università degli studi di Palermo
Phone: +3909123860056
Fax: +390916529124
More information about the Spacewalk-list
mailing list