[Spacewalk-list] Webui to use http not https?
Emgee King (WLT GB)
Emgee.King at wlt.com
Fri Aug 25 13:05:55 UTC 2017
Thank you Radovan
I've been using option 1 for a while now.
Option 2 gives: Failed to decode the file. Either it is not in PKCS #12 format, has been corrupted, or the password you entered was incorrect
So ill look into option 3.
Thanks again.
-----Original Message-----
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Radovan Drazny
Sent: Friday, August 25, 2017 2:37 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Webui to use http not https?
On Friday, August 25, 2017 1:47:13 PM CEST Emgee King (WLT GB) wrote:
> The setup generates the ssl certificate for use, but is insecure: "
> Your connection is not secure"
> Since we are using an internal domain
> "spacewalk-live.internal", access to this server is only accessible
> via VPN anyway. So I don't see the need for an insecure ssl cert.
Famous last words :-)
It would be better to:
1) add an exception to your web browser, so it's not going to bother you with "insecure" messages anymore. You will still have an "insecure" icon in the web browser's address bar, though.
2) If you did a standard SW install, check the ~/ssl-build directory on your SW server. You should find certs and keys there. Find the "RHN-ORG-TRUSTED- SSL-CERT" file, and import it into your web browser. Your connection to the SW server is secure now (green padlock and all). The certificate at "https://<sw-server-fqdn>/pub/RHN-ORG-TRUSTED-SSL-CERT" is the same one.
3) Setup a proper certificate for your SW server. Example for Let's Encrypt can be found here: https://omg.dje.li/2017/04/using-lets-encrypt-ssl-certificates-with-spacewalk/ If you want to use your own CA, modify the process accordingly.
Any of these three solutions is much much better (and easier - maybe except the last one), than circumventing your SW server security.
--
Radovan
>
>
> -----Original Message-----
> From: spacewalk-list-bounces at redhat.com
> [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Radovan Drazny
> Sent: Friday, August 25, 2017 12:57 PM
> To: spacewalk-list at redhat.com
> Subject: Re: [Spacewalk-list] Webui to use http not https?
>
> On Friday, August 25, 2017 12:39:18 PM CEST Emgee King (WLT GB) wrote:
> > I've got Spacewalk 2.6 setup with 226 Ubuntu precise and trusty systems.
> > Registration is working over SSL, but what changes are required to
> > have the WebUI use https instead of https?
> >
> > Does anyone have any thoughts?
> >
> >
> > GOGREEN Climate Protection with DHL: please consider your
> > environmental responsibility before printing this email.
> >
> > This email is intended exclusively for the individual or entity to
> > which it is addressed. This communication may contain information
> > that is proprietary, privileged or confidential. If you are not the
> > named addressee, you are not authorized to read, print, retain, copy
> > or disseminate this message or any part of it. If you have received
> > this message in error, please notify the sender immediately by email
> > and delete all copies of the message.
> >
> > _______________________________________________
> > Spacewalk-list mailing list
> > Spacewalk-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/spacewalk-list
>
> What is your motivation for accessing WebUI using http? Because I
> don't think it is a good idea.
>
> --
> Radovan
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
>
> GOGREEN Climate Protection with DHL: please consider your
> environmental responsibility before printing this email.
>
> This email is intended exclusively for the individual or entity to
> which it is addressed. This communication may contain information that
> is proprietary, privileged or confidential. If you are not the named
> addressee, you are not authorized to read, print, retain, copy or
> disseminate this message or any part of it. If you have received this
> message in error, please notify the sender immediately by email and
> delete all copies of the message.
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
--
Radovan Dražný
rdrazny at redhat.com
Satellite 5 QE Team
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
GOGREEN Climate Protection with DHL: please consider your environmental responsibility before printing this email.
This email is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by email and delete all copies of the message.
More information about the Spacewalk-list
mailing list