[Spacewalk-list] Subject Alternate names

Olly Mason ollymason at gmail.com
Wed Oct 28 07:39:57 UTC 2015


Hi,

I have a question about osad and subject alternate names and can't find
an answer in satellite or spacewalk docs.

We have a spacewalk 2.4 install with multiple NICs:
- the primary FQDN resolves to a public NIC and spacewalk is set up with
that name
- a second DNS name, spacewalk-mng, resolves to the management NIC.
Up2date conf files refer to the spacewalk-mng full domain name.
We are using certificates generated by rhn-ssl-tool, using --set-cname
to add a SAN matching the second domain name into the csr and cert
generated from that. The clients are correctly trusting the CA cert used
to generate the server cert.

This works fine for yum plugin, but osad doesn't start - it refuses to
connect with an SSLDisabledError generated in jabber_lib.py. It appears
that the client doesn't like SANs? We need to be able to connect over
both NICs (both DNS names) with TLS preferably, and don't want to do a
hosts file hack. Is there any way of altering client config or code such
that a valid cert using SANs is still usable?

I have tried disabling the SSL cert Common Name check in the code, but
regardless osad won't connect.

Regards,

Olly
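
Added example, not part of the original post and not code from osad or jabber_lib.py: a sketch of how a host name check that reads only the subject CN differs from one that honours dNSName subjectAltName entries (the RFC 6125 order) when a client connects by a second DNS name. The host names and the certificate dict are constructed placeholders in the layout returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names are hypothetical.

```python
# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
# Host names are placeholders, not values from the post.
SAMPLE_CERT = {
    "subject": ((("commonName", "spacewalk.example.com"),),),
    "subjectAltName": (
        ("DNS", "spacewalk.example.com"),
        ("DNS", "spacewalk-mng.example.com"),
    ),
}


def _dns_match(pattern, hostname):
    """Case-insensitive match; '*' allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cn_only_match(cert, hostname):
    """Legacy check: compare the host name with the subject CN and nothing else."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(cn, hostname) for cn in cns)


def san_aware_match(cert, hostname):
    """RFC 6125 order: use dNSName SAN entries; fall back to CN only if there are none."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        return any(_dns_match(name, hostname) for name in dns_names)
    return cn_only_match(cert, hostname)


def report(cert, hostnames):
    """Return {hostname: (cn_only_result, san_aware_result)}."""
    return {h: (cn_only_match(cert, h), san_aware_match(cert, h)) for h in hostnames}


if __name__ == "__main__":
    hosts = ["spacewalk.example.com", "spacewalk-mng.example.com", "other.example.com"]
    for host, (cn_ok, san_ok) in report(SAMPLE_CERT, hosts).items():
        print(f"{host:28} cn_only={cn_ok!s:5} san_aware={san_ok}")
```

Feeding the dict from `getpeercert()` on a live connection into `report()` shows which of the two checks a given name passes, which helps separate a host name mismatch from an unrelated TLS setup failure.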




