[Spacewalk-list] Renewing Third-Party CA SSL Certificate with FQDN
Robert Paschedag
robert.paschedag at web.de
Wed Oct 28 08:18:53 UTC 2015
Oh... Wait a minute!!!Am 28.10.2015 8:01 vorm. schrieb Robert Paschedag <robert.paschedag at web.de>:
>
> As long as the root CA did NOT change, your steps should work and no client need to update anything.
>
> You don't need to clear the jabber db.
>
> Regards
> RobertAm 28.10.2015 3:14 vorm. schrieb Jun <junk at mle.org>:
> >
> > Hoping someone can offer some advice on the following situation.
> >
> > Have an internal spacewalk 2.2 server that is using a third-party CA
> > certificate (not an internal CA)
> > * The CSR used for the current ssl certificate specified the CN with
> > the short hostname (not FQDN). For example, if hostname =
> > myserver.domain.com, CN = myserver
> > * The ssl certificate is expiring.
> > * The third-party CA is no longer issuing ssl certificates for short hostnames
> >
> > Would like to use the same CA and minimize impact.
> >
> > Would something like this be sufficient; if not, appreciate any suggestions:
> > * manually generate a new CSR with CN with fully qualified hostname
> > using the existing server key
> > * submit CSR to same third-party CA
> > * backup /etc/httpd/conf/ssl.*, /etc/pki, /root/ssl-build,
> > /var/www/html/pub, jabberd/server.pem
> > install new third-party CA ssl certificate:
> > During maintenance:
> > * replace a copy of the new ssl certificate (.crt) and .csr in Apache
> > directories
> > * convert crt to pem and update /etc/pki/spacewalk/jabberd/server.pem
> > * stop spacewalk
> > * clear jabber database
> > * start spacewalk
> >
> > Hoping the clients do not have to be updated (i.e.
> > /etc/sysconfig/rhn/up2date or RHN-ORG-TRUSTED-SSL-CERT)
> > Appears they are referencing the shortname (but the domain being used
> > is in the dns search order)
> >
> > Thank you for your advice.
> >
> > _______________________________________________
> > Spacewalk-list mailing list
> > Spacewalk-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/spacewalk-list
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
More information about the Spacewalk-list
mailing list