[Spacewalk-list] Still struggling with a signed certificate

Daryl Rose darylrose at outlook.com
Tue Sep 22 15:16:13 UTC 2015 

Robert,

Where is the configuration that I need to change so SW is using a FQDN?  I've checked every config file that I am aware of.  I must be missing something, but I'm not sure where.

Thank you.

Daryl 

________________________________________
From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> on behalf of Robert Paschedag <robert.paschedag at web.de>
Sent: Monday, September 21, 2015 3:33 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Still struggling with a signed certificate

Your hostname is a FQDN....and not only the "hostname" (without .domain)?

Using only "hostname" within configs and using a wildcard certificate
does not work, because "*.domain" does NOT match only the hostname, if
you did not explicitly specify an alternate name within the certificate.

Regards,
Robert

Am 21.09.2015 um 17:44 schrieb Daryl Rose:
> As I reported before, I decided to move my SW environment forward, and
> put up a production SW server.  The signed certificate works fine in my
> dev/test demonstration environment, but I just can't get it working in
> the production environment.
>
>
> My last email, I was able to get the cert to work just fine with the
> RHEL  servers, but it kept failing with the SLES servers.  I finally
> decided to rebuild the entire SW server.  Fresh install of RHEL, fresh
> install of SW.
>
>
> I followed the steps exact, and did everything exactly the same way that
> I did on my dev/demo server. But something is different.
>
>
> When I try to start spacewalk, I get an error from the osa-dispatcher
> complaining that about a certificate name mismatch:
>
>
>
> Starting osa-dispatcher: Spacewalk 20830 2015/09/21 10:35:28 -05:00:
> ('Traceback caught:',)
> Spacewalk 20830 2015/09/21 10:35:28 -05:00: ('Traceback (most recent
> call last):\n  File "/usr/share/rhn/osad/jabber_lib.py", line 632, in
> connect\n    self.verify_peer(ssl)\n  File
> "/usr/share/rhn/osad/jabber_lib.py", line 713, in verify_peer\n
>  (self._host, common_name))\nSSLVerifyError: Mismatch: peer name:
> <SERVER NAME>; common name: *.<DOMAIN.NAME> .\n',)
>
>
> I've verified everything against the dev/demo machine and all of the
> certificate information in ssl-build matches exactly.  e.g.  server.key,
> server.crt, server.csr, server.pem and RHN-ORG-TRUSTED-SSL-CERT.
>
> I've recreated this certificate multiple times.  The only thing that I
> can think of, is there must be a cert, or file somewhere that did not
> get updated.
>
> Any suggestions?
>
> Thank you.
>
> Daryl
>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list