[Spacewalk-list] Spacewalk-list Digest, Vol 111, Issue 36
Paul-Andre Panon
paul-andre.panon at avigilon.com
Fri Aug 25 17:25:02 UTC 2017
>On Friday, August 25, 2017 1:47 PM, Radovan Drazny wrote:
>Subject: Re: Webui to use http not https?
>The setup generates the ssl certificate for use, but is insecure: " Your connection is not secure"
>Since we are using an internal domain "spacewalk-live.internal", access to this server is only accessible via VPN anyway. >So I don't see the need for an insecure ssl cert.
"Your connection is not secure" is relative. Because your cert is not signed by a recognized CA, DNS cache poisoning could be used to redirect your connection to a different host performing a MITM attack, and therefore not completely secure. However, the connection is still encrypted, and therefore less subject to a whole host of simpler attacks which can be used against http.
I would suggest giving Emgee King's option #2 another shot. If your RHN-ORG-TRUSTED-SSL-CERT file is really corrupted then your clients would have problems connecting to your server. So you may have had a transfer issue, or you may be using the wrong cert import approach (you will need to import it as a CA, authorized to authenticate web servers)
Cheers,
Paul-Andre Panon
Senior systems administrator
More information about the Spacewalk-list
mailing list