[Spacewalk-list] repository certificate update issue

Boyd, Robert Robert.Boyd at peoplefluent.com
Wed Dec 9 21:42:32 UTC 2015


Here is what I was trying so hard to re-discover where it lives in spacewalk.  If there's some clear documentation on this on the web it's not being indexed to where it's easy to find with web search engines.

When you need to apply and/or update CA/Entitlement/Client SSL keys:

Navigate this path in the GUI (Spacewalk 2.x):
Systems --> Kickstart --> GPG and SSL Keys

Select the key you need to update (annual contract renewal will probably require updating the Entitlement key of the provider you're using), capture the contents of the associated file from the Spacewalk master server, select all in the Key Update page, paste in the new key contents, and click Update Key.

Then on the Web UI navigate to Channels --> Manage Software Channels --> <Your channel that uses the entitlement you updated>
Select the "Repositories" tab. Select sub-tab "Sync", then click the "Sync Now" button.

To watch the log of activity, log in/sudo as root on the Spacewalk master server and enter:

tail -f /var/log/rhn/reposync/<channel id>.log

If you're subscribed to Red Hat and want to know where to find the key(s) you need, please send me a direct email and I'll tell you which directories to look in for each of the keys.

Robert Boyd





From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Boyd, Robert
Sent: Tuesday, December 08, 2015 4:35 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] RedHat repository certificate issue

I discovered a partial answer to my question:

spacewalk-report repositories

will dump out all of the certificates registered to Spacewalk.

Now I'm investigating what's different between the old and the current CA certificates.



From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Boyd, Robert
Sent: Tuesday, December 08, 2015 3:53 PM
To: spacewalk-list at redhat.com
Subject: [Spacewalk-list] RedHat repository certificate issue


I'm having a problem with repo-sync which we've narrowed down with tcpdump/wireshark to see that my Spacewalk server is rejecting the SSL CA cert from the remote end (at Red Hat) because it is failing to verify as having a valid signing authority. I'm assuming that I need to re-load the certificate into Spacewalk, but I'd like to compare the certificate that cdn.redhat.com is sending now to the one that I previously loaded in Spacewalk. Is this possible?

I'm currently running Spacewalk 2.2 on RHEL6.

How can I list the certificates I have loaded in spacewalk already?  On the repository details page I can see the names I assigned to them in the drop down lists for ssl ca cert and so forth.   Is there somewhere in the GUI that I can examine these names and the files/keys they are associated with?  Or is there some way with the command line tools to do that?

Thanks,

Robert Boyd
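
The thread above asks how to tell what differs between the CA certificate previously loaded in Spacewalk and the current one. The following is an added example, not part of the original posts or of Spacewalk: it fingerprints every certificate in two PEM bundles and reports which are unchanged, dropped or new. The function names are hypothetical and the sample bundles are constructed stand-ins, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle.

    The fingerprint is the hash of the DER bytes, the same value that
    `openssl x509 -noout -fingerprint -sha256` prints.
    """
    result = []
    for body in PEM_RE.findall(pem_text):
        # Drop line breaks (LF or CRLF) before decoding the base64 body.
        der = base64.b64decode("".join(body.split()), validate=True)
        digest = hashlib.sha256(der).hexdigest().upper()
        result.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    return result


def compare_bundles(stored_pem, new_pem):
    """Report which certificates are unchanged, dropped or newly added."""
    stored, new = set(fingerprints(stored_pem)), set(fingerprints(new_pem))
    return {
        "unchanged": sorted(stored & new),
        "only_in_stored": sorted(stored - new),
        "only_in_new": sorted(new - stored),
    }


def make_pem(der):
    """Wrap raw bytes in PEM armour, 64 base64 characters per line."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----", ""])


# Constructed stand-ins for DER certificates (not real certificates); with
# real input, pass the key text held in Spacewalk and the new CA file.
OLD_CA = make_pem(b"constructed-old-ca" * 40)
INTERMEDIATE = make_pem(b"constructed-intermediate" * 40)
NEW_CA = make_pem(b"constructed-new-ca" * 40)

if __name__ == "__main__":
    report = compare_bundles(OLD_CA + INTERMEDIATE, INTERMEDIATE + NEW_CA)
    for status, prints in report.items():
        print(status, prints)
```

A certificate listed under `only_in_stored` is one the stored key text trusts that the new file no longer contains, which is the case to look for when verification of the remote end starts failing after a renewal.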
