[Spacewalk-list] how to use real certificate with spacewalk
YANG LI
yangli at clemson.edu
Tue Dec 2 16:14:33 UTC 2014
Thank you, Glen. I have got certificate installed following this:
> http://www.marsdominion.com/2013/02/01/configuring-a-rhn-satellite-server-with-a-third-party-cert/
I see web server is working fine and after I get new RHN-ORG-TRUSTED-SSL-CERT on client, I can yum update client with spacewalk, but I did notice when I restart spacewalk-service, there is a issue with osa-dispatcher
Starting osa-dispatcher: Spacewalk 25785 2014/12/02 11:04:25 -04:00: ('Server does not support TLS - <starttls /> not in <features /> stanza',)
Spacewalk 25785 2014/12/02 11:04:25 -04:00: ('Traceback (most recent call last):\n File "/usr/share/rhn/osad/jabber_lib.py", line 252, in setup_connection\n c = self._get_jabber_client(js)\n File "/usr/share/rhn/osad/jabber_lib.py", line 309, in _get_jabber_client\n c.connect()\n File "/usr/share/rhn/osad/jabber_lib.py", line 597, in connect\n raise SSLDisabledError\nSSLDisabledError\n',)
[ OK ]
what I should do to resolve this?
Thanks,
Yang
On Nov 26, 2014, at 12:25 PM, Glen Collins <glenc2004 at comcast.net> wrote:
> Hi Yang,
>
> Look at this:
>
> http://www.marsdominion.com/2013/02/01/configuring-a-rhn-satellite-server-with-a-third-party-cert/
>
> Here is the wiki on changing the name of the server. Give ideas where files that need to be changed:
>
> https://fedorahosted.org/spacewalk/wiki/How_to_rename_or_change_a_satellite_hostnam
>
> Also what I found is you need to rebuild the rpms found under /root/ssl-build so the new certs are used. Remove the old rpm's and use the new ones. Also jabber and osa-dispatcher will be unhappy too!
>
> Anyway, hope this helps!
>
> Regards,
>
> Glen Collins
>
> ----- Original Message -----
> I am trying to use real certificate with spacewalk server. I have changed /etc/httpd/conf.d/ssl.conf with following:
>
> SSLCertificateFile /etc/pki/tls/certs/server.crt
> SSLCertificateKeyFile /etc/pki/tls/private/server.key
> SSLCertificateChainFile /etc/pki/tls/certs/server_interm.crt
>
> I restarted spacewalk-service
>
> # spacewalk-service restart
>
> My spacewalk web GUI seems work fine, but I think I may have missed something else since all my client will get the SSL certificate failed verification error.
>
> # yum check-update
> Loaded plugins: product-id, rhnplugin, subscription-manager
> This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
>
>
> The SSL certificate failed verification.
>
> Is there a instruction what else I should do to get everything changed?
>
> Thanks,
> Yang
>
>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
More information about the Spacewalk-list
mailing list