[Spacewalk-list] Still struggling with a signed certificate
Robert Paschedag
robert.paschedag at web.de
Mon Sep 21 20:33:27 UTC 2015
Your hostname is a FQDN....and not only the "hostname" (without .domain)?
Using only "hostname" within configs and using a wildcard certificate
does not work, because "*.domain" does NOT match only the hostname, if
you did not explicitly specify an alternate name within the certificate.
Regards,
Robert
Am 21.09.2015 um 17:44 schrieb Daryl Rose:
> As I reported before, I decided to move my SW environment forward, and
> put up a production SW server. The signed certificate works fine in my
> dev/test demonstration environment, but I just can't get it working in
> the production environment.
>
>
> My last email, I was able to get the cert to work just fine with the
> RHEL servers, but it kept failing with the SLES servers. I finally
> decided to rebuild the entire SW server. Fresh install of RHEL, fresh
> install of SW.
>
>
> I followed the steps exact, and did everything exactly the same way that
> I did on my dev/demo server. But something is different.
>
>
> When I try to start spacewalk, I get an error from the osa-dispatcher
> complaining that about a certificate name mismatch:
>
>
>
> Starting osa-dispatcher: Spacewalk 20830 2015/09/21 10:35:28 -05:00:
> ('Traceback caught:',)
> Spacewalk 20830 2015/09/21 10:35:28 -05:00: ('Traceback (most recent
> call last):\n File "/usr/share/rhn/osad/jabber_lib.py", line 632, in
> connect\n self.verify_peer(ssl)\n File
> "/usr/share/rhn/osad/jabber_lib.py", line 713, in verify_peer\n
> (self._host, common_name))\nSSLVerifyError: Mismatch: peer name:
> <SERVER NAME>; common name: *.<DOMAIN.NAME> .\n',)
>
>
> I've verified everything against the dev/demo machine and all of the
> certificate information in ssl-build matches exactly. e.g. server.key,
> server.crt, server.csr, server.pem and RHN-ORG-TRUSTED-SSL-CERT.
>
> I've recreated this certificate multiple times. The only thing that I
> can think of, is there must be a cert, or file somewhere that did not
> get updated.
>
> Any suggestions?
>
> Thank you.
>
> Daryl
>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
More information about the Spacewalk-list
mailing list