[Spacewalk-list] Webui to use http not https?

Fri Aug 25 12:37:08 UTC 2017

On Friday, August 25, 2017 1:47:13 PM CEST Emgee King (WLT GB) wrote:
> The setup generates the ssl certificate for use, but is insecure: " Your
> connection is not secure"
> Since we are using an internal domain
> "spacewalk-live.internal", access to this server is only accessible via VPN
> anyway. So I don't see the need for an insecure ssl cert.

Famous last words :-)

It would be better to:

1) add an exception to your web browser, so it's not going to bother you with 
"insecure" messages anymore. You will still have an "insecure" icon in the web 
browser's address bar, though.

2) If you did a standard SW install, check the ~/ssl-build directory on your 
SW server. You should find certs and keys there. Find the "RHN-ORG-TRUSTED-
SSL-CERT" file, and import it into your web browser. Your connection to the SW 
server is secure now (green padlock and all). The certificate at "https://<sw-server-fqdn>/pub/RHN-ORG-TRUSTED-SSL-CERT" is the same one. 

3)  Setup a proper certificate for your SW server. Example for Let's Encrypt 
can be found here: https://omg.dje.li/2017/04/using-lets-encrypt-ssl-certificates-with-spacewalk/ If you want to use your own CA, modify the 
process accordingly.

Any of these three solutions is much much better (and easier - maybe except 
the last one), than circumventing your SW server security.

--
Radovan

> 
> 
> -----Original Message-----
> From: spacewalk-list-bounces at redhat.com
> [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Radovan Drazny
> Sent: Friday, August 25, 2017 12:57 PM
> To: spacewalk-list at redhat.com
> Subject: Re: [Spacewalk-list] Webui to use http not https?
> 
> On Friday, August 25, 2017 12:39:18 PM CEST Emgee King (WLT GB) wrote:
> > I've got Spacewalk 2.6 setup with 226 Ubuntu precise and trusty systems.
> > Registration is working over SSL, but what changes are required to
> > have the WebUI use https instead of https?
> > 
> > Does anyone have any thoughts?
> > 
> > 
> > GOGREEN Climate Protection with DHL: please consider your
> > environmental responsibility before printing this email.
> > 
> > This email is intended exclusively for the individual or entity to
> > which it is addressed. This communication may contain information that
> > is proprietary, privileged or confidential. If you are not the named
> > addressee, you are not authorized to read, print, retain, copy or
> > disseminate this message or any part of it. If you have received this
> > message in error, please notify the sender immediately by email and
> > delete all copies of the message.
> > 
> > _______________________________________________
> > Spacewalk-list mailing list
> > Spacewalk-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/spacewalk-list
> 
> What is your motivation for accessing WebUI using http? Because I don't
> think it is a good idea.
> 
> --
> Radovan
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
> 
> 
> GOGREEN Climate Protection with DHL: please consider your environmental
> responsibility before printing this email.
> 
> This email is intended exclusively for the individual or entity to which it
> is addressed. This communication may contain information that is
> proprietary, privileged or confidential. If you are not the named
> addressee, you are not authorized to read, print, retain, copy or
> disseminate this message or any part of it. If you have received this
> message in error, please notify the sender immediately by email and delete
> all copies of the message.
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list

-- 
Radovan Dražný
rdrazny at redhat.com
Satellite 5 QE Team