[Spacewalk-list] SSL Error SLES11 SP1 SP2 SP3

Bernd Helber bernd at helber-it-services.com
Sun Feb 8 14:02:32 UTC 2015



Hello List,

We installed a Spacewalk 2.2 server for central patch management and
Kickstart rollouts. Most things worked flawlessly.

But currently we face an annoying problem with the Spacewalk clients
for SLES11 SP2, SP3 and also SP1.

- From time to time we see problems with the SSL handshake between the
SLES clients and the Spacewalk server.
 Error message: SSL certificate problem, verify that the CA cert is
OK. Details:

As we suspected that there seems to be an issue with the handshake
between curl and the Spacewalk server, we tried to upgrade curl and
the corresponding libraries, but the problem stays.


box704:/var/tmp # rpm -Uvh libcurl4-32bit-7.19.7-1.40.1.x86_64.rpm
Preparing...
########################################### [100%]
   1:libcurl4-32bit
########################################### [100%]
hydra704:/var/tmp # rpm -Uvh curl-7.19.7-1.40.1.x86_64.rpm
Preparing...
########################################### [100%]
   1:curl
########################################### [100%]
hydra704:/var/tmp #


For our SLES11 SP3 machines we got the client from the SuSE repo:
zypper ar http://download.opensuse.org/repositories/systemsmanagement:/spacewalk:/2.2/SLE_11_SP3/x86_64/ spacewalk-tools

And installed the corresponding packages:
zypper install rhn-client-tools zypp-plugin-spacewalk rhnsd rhn-setup rhn-check yum

box704:~ # zypper refresh
Retrieving repository 'sles11sp3' metadata [\]
Download (curl) error for
'https://donkey101.gskv.org/XMLRPC/GET-REQ/bmb-extra_sles11sp3/repodata/repomd.xml?head_requests=no':
Error code: Unrecognized error
Error message: SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed


We also cleaned the zypper cache as well, and rebuilt the cache files
on the Spacewalk server too.

What makes me really wonder is that the client works on several other
SLES boxes, with the same self-signed SSL certificate.

I would be really interested to hear if somebody has comparable
problems, because it seems that we're running out of options.

The CentOS 6/7 boxes in our environment don't show those effects.

-- 
with kind regards

 Bernd Helber

