[Spacewalk-list] how to use real certificate with spacewalk

Glen Collins glenc2004 at comcast.net
Tue Dec 2 19:45:46 UTC 2014


Hi Yang,

   Make sure your RPMs that handle the SSL certs for the rest of the system were updated (output from my environment; your version numbers will be different):

rhn-org-trusted-ssl-cert-1.0-1.noarch
rhn-org-httpd-ssl-key-pair-<systemname>-1.0-3.noarch

You should be able to find the RPMs in the /root/ssl-build directory.

Regards,

Glen Collins

----- Original Message -----
Thank you, Glen. I have got the certificate installed following this:

> http://www.marsdominion.com/2013/02/01/configuring-a-rhn-satellite-server-with-a-third-party-cert/

I see the web server is working fine, and after I get the new RHN-ORG-TRUSTED-SSL-CERT on the client, I can yum update the client with spacewalk, but I did notice that when I restart spacewalk-service, there is an issue with osa-dispatcher:

Starting osa-dispatcher: Spacewalk 25785 2014/12/02 11:04:25 -04:00: ('Server does not support TLS - <starttls /> not in <features /> stanza',)
Spacewalk 25785 2014/12/02 11:04:25 -04:00: ('Traceback (most recent call last):\n  File "/usr/share/rhn/osad/jabber_lib.py", line 252, in setup_connection\n    c = self._get_jabber_client(js)\n  File "/usr/share/rhn/osad/jabber_lib.py", line 309, in _get_jabber_client\n    c.connect()\n  File "/usr/share/rhn/osad/jabber_lib.py", line 597, in connect\n    raise SSLDisabledError\nSSLDisabledError\n',)
                                                           [  OK  ]

What should I do to resolve this?

Thanks,
Yang
On Nov 26, 2014, at 12:25 PM, Glen Collins <glenc2004 at comcast.net> wrote:

> Hi Yang,
> 
>   Look at this:
> 
> http://www.marsdominion.com/2013/02/01/configuring-a-rhn-satellite-server-with-a-third-party-cert/
> 
> Here is the wiki on changing the name of the server. It gives ideas of where the files that need to be changed are:
> 
> https://fedorahosted.org/spacewalk/wiki/How_to_rename_or_change_a_satellite_hostnam
> 
> Also, what I found is that you need to rebuild the RPMs found under /root/ssl-build so the new certs are used. Remove the old RPMs and use the new ones. Also, jabber and osa-dispatcher will be unhappy too!
> 
> Anyway, hope this helps!
> 
> Regards,
> 
> Glen Collins
> 
> ----- Original Message -----
> I am trying to use a real certificate with the spacewalk server. I have changed /etc/httpd/conf.d/ssl.conf with the following:
> 
> SSLCertificateFile /etc/pki/tls/certs/server.crt
> SSLCertificateKeyFile /etc/pki/tls/private/server.key
> SSLCertificateChainFile /etc/pki/tls/certs/server_interm.crt
> 
> I restarted spacewalk-service
> 
> # spacewalk-service restart
> 
> My spacewalk web GUI seems to work fine, but I think I may have missed something else, since all my clients get the SSL certificate failed verification error.
> 
> # yum check-update
> Loaded plugins: product-id, rhnplugin, subscription-manager
> This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
> 
> 
> The SSL certificate failed verification.
> 
> Is there an instruction on what else I should do to get everything changed?
> 
> Thanks,
> Yang
> 
> 
> 
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
> 