[Spacewalk-list] Renewing Third-Party CA SSL Certificate with FQDN

Robert Paschedag robert.paschedag at web.de
Wed Oct 28 08:18:53 UTC 2015 

Oh... Wait a minute!!!Am 28.10.2015 8:01 vorm. schrieb Robert Paschedag <robert.paschedag at web.de>:
>
> As long as the root CA did NOT change, your steps should work and no client need to update anything.
>
> You don't need to clear the jabber db.
>
> Regards
> RobertAm 28.10.2015 3:14 vorm. schrieb Jun <junk at mle.org>:
> >
> > Hoping someone can offer some advice on the following situation. 
> >
> > Have an internal spacewalk 2.2 server that is using a third-party CA 
> > certificate (not an internal CA) 
> > * The CSR used for the current ssl certificate specified the CN with 
> > the short hostname (not FQDN).  For example, if hostname = 
> > myserver.domain.com, CN = myserver 
> > * The ssl certificate is expiring. 
> > * The third-party CA is no longer issuing ssl certificates for short hostnames 
> >
> > Would like to use the same CA and minimize impact. 
> >
> > Would something like this be sufficient; if not, appreciate any suggestions: 
> > * manually generate a new CSR with CN with fully qualified hostname 
> > using the existing server key 
> > * submit CSR to same third-party CA 
> > * backup /etc/httpd/conf/ssl.*, /etc/pki, /root/ssl-build, 
> > /var/www/html/pub, jabberd/server.pem 
> > install new third-party CA ssl certificate: 
> > During maintenance: 
> > * replace a copy of the new ssl certificate (.crt) and .csr in Apache 
> > directories 
> > * convert crt to pem and update /etc/pki/spacewalk/jabberd/server.pem 
> > * stop spacewalk 
> > * clear jabber database 
> > * start spacewalk 
> >
> > Hoping the clients do not have to be updated (i.e. 
> > /etc/sysconfig/rhn/up2date or RHN-ORG-TRUSTED-SSL-CERT) 
> > Appears they are referencing the shortname (but the domain being used 
> > is in the dns search order) 
> >
> > Thank you for your advice. 
> >
> > _______________________________________________ 
> > Spacewalk-list mailing list 
> > Spacewalk-list at redhat.com 
> > https://www.redhat.com/mailman/listinfo/spacewalk-list
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list