[Spacewalk-list] Still struggling with a signed certificate
Robert Paschedag
robert.paschedag at web.de
Tue Sep 22 16:48:04 UTC 2015
Look in /etc/httpd/conf.d/ssl.conf
And for jabber, it should be in /etc/jabberd/ config files.
Regards
Robert
Am 22. September 2015 17:16:13 MESZ, schrieb Daryl Rose <darylrose at outlook.com>:
>Robert,
>
>Where is the configuration that I need to change so SW is using a FQDN?
>I've checked every config file that I am aware of. I must be missing
>something, but I'm not sure where.
>
>Thank you.
>
>Daryl
>
>________________________________________
>From: spacewalk-list-bounces at redhat.com
><spacewalk-list-bounces at redhat.com> on behalf of Robert Paschedag
><robert.paschedag at web.de>
>Sent: Monday, September 21, 2015 3:33 PM
>To: spacewalk-list at redhat.com
>Subject: Re: [Spacewalk-list] Still struggling with a signed
>certificate
>
>Your hostname is a FQDN....and not only the "hostname" (without
>.domain)?
>
>Using only "hostname" within configs and using a wildcard certificate
>does not work, because "*.domain" does NOT match only the hostname, if
>you did not explicitly specify an alternate name within the
>certificate.
>
>Regards,
>Robert
>
>Am 21.09.2015 um 17:44 schrieb Daryl Rose:
>> As I reported before, I decided to move my SW environment forward,
>and
>> put up a production SW server. The signed certificate works fine in
>my
>> dev/test demonstration environment, but I just can't get it working
>in
>> the production environment.
>>
>>
>> My last email, I was able to get the cert to work just fine with the
>> RHEL servers, but it kept failing with the SLES servers. I finally
>> decided to rebuild the entire SW server. Fresh install of RHEL,
>fresh
>> install of SW.
>>
>>
>> I followed the steps exact, and did everything exactly the same way
>that
>> I did on my dev/demo server. But something is different.
>>
>>
>> When I try to start spacewalk, I get an error from the osa-dispatcher
>> complaining that about a certificate name mismatch:
>>
>>
>>
>> Starting osa-dispatcher: Spacewalk 20830 2015/09/21 10:35:28 -05:00:
>> ('Traceback caught:',)
>> Spacewalk 20830 2015/09/21 10:35:28 -05:00: ('Traceback (most recent
>> call last):\n File "/usr/share/rhn/osad/jabber_lib.py", line 632, in
>> connect\n self.verify_peer(ssl)\n File
>> "/usr/share/rhn/osad/jabber_lib.py", line 713, in verify_peer\n
>> (self._host, common_name))\nSSLVerifyError: Mismatch: peer name:
>> <SERVER NAME>; common name: *.<DOMAIN.NAME> .\n',)
>>
>>
>> I've verified everything against the dev/demo machine and all of the
>> certificate information in ssl-build matches exactly. e.g.
>server.key,
>> server.crt, server.csr, server.pem and RHN-ORG-TRUSTED-SSL-CERT.
>>
>> I've recreated this certificate multiple times. The only thing that
>I
>> can think of, is there must be a cert, or file somewhere that did not
>> get updated.
>>
>> Any suggestions?
>>
>> Thank you.
>>
>> Daryl
>>
>>
>>
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>
>
>_______________________________________________
>Spacewalk-list mailing list
>Spacewalk-list at redhat.com
>https://www.redhat.com/mailman/listinfo/spacewalk-list
--
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20150922/859ffdab/attachment.htm>
More information about the Spacewalk-list
mailing list