[Spacewalk-list] how to use real certificate with spacewalk

Glen Collins glenc2004 at comcast.net
Wed Nov 26 17:25:55 UTC 2014


Hi Yang,

   Look at this:

http://www.marsdominion.com/2013/02/01/configuring-a-rhn-satellite-server-with-a-third-party-cert/

Here is the wiki on changing the name of the server. Give ideas where files that need to be changed:

https://fedorahosted.org/spacewalk/wiki/How_to_rename_or_change_a_satellite_hostnam

Also what I found is you need to rebuild the rpms found under /root/ssl-build so the new certs are used. Remove the old rpm's and use the new ones. Also jabber and osa-dispatcher will be unhappy too!

Anyway, hope this helps!

Regards,

Glen Collins

----- Original Message -----
I am trying to use real certificate with spacewalk server. I have changed /etc/httpd/conf.d/ssl.conf with following:

SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
SSLCertificateChainFile /etc/pki/tls/certs/server_interm.crt

I restarted spacewalk-service

# spacewalk-service restart

My spacewalk web GUI seems work fine, but I think I may have missed something else since all my client will get the SSL certificate failed verification error.

# yum check-update
Loaded plugins: product-id, rhnplugin, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.


The SSL certificate failed verification.

Is there a instruction what else I should do to get everything changed?

Thanks,
Yang




_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list




More information about the Spacewalk-list mailing list