[Spacewalk-list] How to use a signed certificate?

Daryl Rose darylrose at outlook.com
Wed Sep 9 13:12:27 UTC 2015


Avi,

Here are the steps for registering SLES from the Spacewalk documentation: 

https://fedorahosted.org/spacewalk/wiki/RegisteringClients#SUSE

However, the steps are not completely accurate for SLES 11 SP3.  A few changes need to be made. 

1. Changes to the spacewalk-tools URL.
zypper ar -f http://download.opensuse.org/repositories/systemsmanagement:/spacewalk:/2.3/SLE_11_SP3/ spacewalk-tools

2.  Step two applies to SLES 12, not to SLES 11.  (I learned about that from this forum).  These are the modified steps:
a.  wget http://corp-spwalk-prod01.dtn.com/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
b.  cp /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT /etc/ssl/certs/RHN-ORG-TRUSTED-SSL-CERT.pem
c.  c_rehash /etc/ssl/certs/

After running the c_rehash, I get the following:

lrwxrwxrwx 1 root root   28 Sep  9 08:05 dcfb5746.0 -> RHN-ORG-TRUSTED-SSL-CERT.pem

I'm assuming that this is what I should see.  

These are the same steps that I used in my testing. Is there something wrong with the cert?

Thanks

Daryl

________________________________________
From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> on behalf of Avi Miller <avi.miller at oracle.com>
Sent: Tuesday, September 8, 2015 3:39 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] How to use a signed certificate?

Hey Daryl,

> On 9 Sep 2015, at 6:06 am, Daryl Rose <darylrose at outlook.com> wrote:
>
> I decided to move my SW environment into production, so I stood up a brand new SW server and redid the signed certificate according to your documentation.  Everything works fine with the RHEL servers that I've attached, but I'm having certificate issues with SLES.

I don't think we ever tested this with SLES/OpenSUSE as that's not covered under standard Oracle support. I've not even looked into how you register a SLES system to Spacewalk, so I can't comment on how that process would need to be updated for a 3rd-party certificate.

However, this seems like a verification issue, so I would double-check that you're using the correct CA certificate (RHN-ORG-TRUSTED-SSL-CERT) and that it has the entire CA chain contained. Otherwise, the client would not be able to verify the certificate provided by the server.

Can you point me towards the appropriate documentation that outlines the SLES registration process to Spacewalk so I can review?

Thanks,
Avi

--
Oracle <http://www.oracle.com>
Avi Miller | Product Management Director | +61 (3) 8616 3496
Oracle Linux and Virtualization
417 St Kilda Road, Melbourne, Victoria 3004 Australia


_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
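
Added example, not part of either message: one way to run the check Avi describes (does RHN-ORG-TRUSTED-SSL-CERT hold the entire CA chain?) and to prepare such a file for step c, since c_rehash makes one hash link per file. The function names, the /tmp/ca-split path and the placeholder sample are assumptions; only describe_certs needs the openssl command.

```shell
#!/bin/sh
# Added example: split a CA bundle into one file per certificate for a CApath
# directory such as /etc/ssl/certs, then show what c_rehash will hash.

# Number of certificates in a PEM file.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Write each certificate in bundle $1 to $2/$3-N.pem (N = 1, 2, ...).
# Text outside the BEGIN/END markers is dropped.
split_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" -v base="$3" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/" base "-" n ".pem"; keep = 1 }
        keep { print > out }
        /-----END CERTIFICATE-----/   { keep = 0; close(out) }
    ' "$1"
}

# Print subject, issuer and subject hash of every split file; the hash is the
# link name c_rehash creates (for example dcfb5746.0). The chain is complete
# when every issuer also appears as a subject, ending in a certificate whose
# issuer equals its own subject.
describe_certs() {
    for f in "$1"/*.pem; do
        echo "== $f"
        openssl x509 -noout -subject -issuer -hash -in "$f" ||
            echo "   not a parsable certificate"
    done
}

# Constructed sample: two placeholder PEM blocks (not real certificates),
# enough to exercise the splitter offline.
sample_bundle() {
    cat <<'EOF'
comment line outside any certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVItMQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVItMg==
-----END CERTIFICATE-----
EOF
}

# Usage: sh split-ca.sh /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT /tmp/ca-split
if [ $# -ge 2 ]; then
    echo "certificates in $1: $(count_certs "$1")"
    split_bundle "$1" "$2" RHN-ORG-TRUSTED-SSL-CERT && describe_certs "$2"
fi
```

If the count is greater than one, copy the split files into /etc/ssl/certs and rerun c_rehash so that each certificate gets its own hash link.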



