[Spacewalk-list] how to use real certificate with spacewalk

YANG LI yangli at clemson.edu
Tue Dec 2 16:14:33 UTC 2014 

Thank you, Glen. I have got certificate installed following this:

> http://www.marsdominion.com/2013/02/01/configuring-a-rhn-satellite-server-with-a-third-party-cert/

I see web server is working fine and after I get new RHN-ORG-TRUSTED-SSL-CERT on client, I can yum update client with spacewalk, but I did notice when I restart spacewalk-service, there is a issue with osa-dispatcher

Starting osa-dispatcher: Spacewalk 25785 2014/12/02 11:04:25 -04:00: ('Server does not support TLS - <starttls /> not in <features /> stanza',)
Spacewalk 25785 2014/12/02 11:04:25 -04:00: ('Traceback (most recent call last):\n  File "/usr/share/rhn/osad/jabber_lib.py", line 252, in setup_connection\n    c = self._get_jabber_client(js)\n  File "/usr/share/rhn/osad/jabber_lib.py", line 309, in _get_jabber_client\n    c.connect()\n  File "/usr/share/rhn/osad/jabber_lib.py", line 597, in connect\n    raise SSLDisabledError\nSSLDisabledError\n',)
                                                           [  OK  ]

what I should do to resolve this?

Thanks,
Yang
On Nov 26, 2014, at 12:25 PM, Glen Collins <glenc2004 at comcast.net> wrote:

> Hi Yang,
> 
>   Look at this:
> 
> http://www.marsdominion.com/2013/02/01/configuring-a-rhn-satellite-server-with-a-third-party-cert/
> 
> Here is the wiki on changing the name of the server. Give ideas where files that need to be changed:
> 
> https://fedorahosted.org/spacewalk/wiki/How_to_rename_or_change_a_satellite_hostnam
> 
> Also what I found is you need to rebuild the rpms found under /root/ssl-build so the new certs are used. Remove the old rpm's and use the new ones. Also jabber and osa-dispatcher will be unhappy too!
> 
> Anyway, hope this helps!
> 
> Regards,
> 
> Glen Collins
> 
> ----- Original Message -----
> I am trying to use real certificate with spacewalk server. I have changed /etc/httpd/conf.d/ssl.conf with following:
> 
> SSLCertificateFile /etc/pki/tls/certs/server.crt
> SSLCertificateKeyFile /etc/pki/tls/private/server.key
> SSLCertificateChainFile /etc/pki/tls/certs/server_interm.crt
> 
> I restarted spacewalk-service
> 
> # spacewalk-service restart
> 
> My spacewalk web GUI seems work fine, but I think I may have missed something else since all my client will get the SSL certificate failed verification error.
> 
> # yum check-update
> Loaded plugins: product-id, rhnplugin, subscription-manager
> This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
> 
> 
> The SSL certificate failed verification.
> 
> Is there a instruction what else I should do to get everything changed?
> 
> Thanks,
> Yang
> 
> 
> 
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list