[Spacewalk-list] Spacewalk 2.1 | SSL Certificate Invalid when using HTTPS for host registration

Francis Lee Mondia endace.francis.mondia at gmail.com
Sat Jul 15 20:30:12 UTC 2017


Hi Michael,

Thanks for the reply!

On the following suggestions:
1. Upgrade to latest version - definitely but I want to settle the SSL
issue first (might just do this next week though if SSL isn't resolved)
2. Spacewalk-hostname-rename
- I've done this but haven't resolved the issue. Had to google how to
install the certificate which led me to
https://access.redhat.com/solutions/10809
- Followed that guide in just installing the certificate (copying rpms,
re-installing, etc) but decided to do the whole shebang instead after
encountering the same issue
- now I'm stuck with this:

[root@spacewalkserver ~]# rhn-ssl-dbstore --ca-cert=/var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT -vvvvvvvv
Public CA SSL certificate:  /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
Nothing to do: certificate to be pushed matches certificate in database.
Nothing to do: certificate to be pushed matches certificate in database.

ERROR: unhandled exception occurred:
Traceback (most recent call last):
  File "/usr/bin/rhn-ssl-dbstore", line 43, in <module>
    sys.exit(abs(mod.main() or 0))
  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_ssl_dbstore.py", line 79, in main
    satCerts.store_rhnCryptoKey(values.label, values.ca_cert, verbosity=values.verbose)
  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 673, in store_rhnCryptoKey
    verbosity=verbosity)
  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 614, in _checkCertMatch_rhnCryptoKey
    h.execute(rhn_cryptokey_id=rhn_cryptokey_id)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 153, in execute
    return apply(self._execute_wrapper, (self._execute, ) + p, kw)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 290, in _execute_wrapper
    retval = apply(function, p, kw)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py", line 207, in _execute
    return self._execute_(args, kwargs)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 309, in _execute_
    self._real_cursor.execute(self.sql, params)
psycopg2.IntegrityError: update or delete on table "rhncryptokey" violates foreign key constraint "rhn_csssl_cacertid_fk" on table "rhncontentsourcessl"
DETAIL:  Key (id)=(1) is still referenced from table "rhncontentsourcessl".


- I've found this:
[https://www.redhat.com/archives/spacewalk-list/2016-January/msg00046.html]
which states I should remove the assignment first. THIS I DON'T KNOW HOW TO
DO.
- I think this
[http://gatwards.org/techblog/replacing-spacewalk-ssl-certificates] shows
how to do it but I'm adamant to delete the only pair on it. I've deleted
all expired certs before.

Thanks in advance.

Kind regards,
Francis

On Fri, Jul 14, 2017 at 11:35 PM, Michael Mraka <michael.mraka at redhat.com>
wrote:

> Francis Lee Mondia:
> > Hi All,
> >
> > Sorry for this seemingly noob question but I'm new to spacewalk and just
> > inherited a system which was not being used for about 2 years and now
> > I've been tasked to revive it.
>
> Hi,
>
> First of all I'd suggest upgrade to latest Spacewalk (2.6) because there
> were a lot of bugs fixed since then (including security issues).
>
> > So I've got the system running, updated the channels, repos and now came
> > the process of re-adding hosts to the system. I was being shown the SSL
> > certificate error as I think the certificate has expired. I can register
> > hosts fine without SSL, and can push package updates to hosts fine
> > without it. I do want to resolve this though moving forward. I've tried
> > the numerous suggestions I can find (we have a red hat subscription so
> > was able to try their solutions too but none worked).
>
> Install spacewalk-utils package and run spacewalk-hostname-rename script.
> It will regenerate all SSL certs.
>
> > I'd also like to know though if upgrading spacewalk to a newer version
> > install a new SSL cert. When we first took a look at the system, we
>
> AFAIR upgrade will not change SSL certs.
>
> > couldn't log-in as the satellite certificate was expired and we had to
> > generate one from red hat support to be able to log back in.
> >
> > Hoping for some guidance on this from the community.
> >
> > Kind regards,
> > Francis
>
> Regards,
>
>
> --
> Michael Mráka
> System Management Engineering, Red Hat
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
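
The IntegrityError in the traceback above, reproduced on a toy in-memory SQLite model as an added example (not part of the original thread and not Spacewalk code). Table and constraint names are taken from the error message; the column names (`ca_cert_id`, `content_source`, `description`), the sample rows and the helper functions are assumptions made for illustration.

```python
import sqlite3

# Constructed schema: only the table and constraint names come from the error
# message in the post; columns and rows are assumptions, not Spacewalk's schema.
SCHEMA = """
CREATE TABLE rhncryptokey (id INTEGER PRIMARY KEY, description TEXT);
CREATE TABLE rhncontentsourcessl (
    id INTEGER PRIMARY KEY,
    content_source TEXT,
    ca_cert_id INTEGER NOT NULL,
    CONSTRAINT rhn_csssl_cacertid_fk
        FOREIGN KEY (ca_cert_id) REFERENCES rhncryptokey (id));
INSERT INTO rhncryptokey VALUES (1, 'expired CA cert');
INSERT INTO rhncontentsourcessl VALUES (10, 'example-repo', 1);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when enabled
    db.executescript(SCHEMA)
    return db

def referencing_rows(db, key_id):
    """Assignments that still point at the key and therefore block its deletion."""
    return db.execute(
        "SELECT id, content_source FROM rhncontentsourcessl WHERE ca_cert_id = ?",
        (key_id,)).fetchall()

def try_delete_key(db, key_id):
    """Return None on success, or the database error text if the delete is refused."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute("DELETE FROM rhncryptokey WHERE id = ?", (key_id,))
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)

def remove_assignments(db, key_id):
    """Remove the assignments first; return them so they can be re-created later."""
    rows = referencing_rows(db, key_id)
    with db:
        db.execute("DELETE FROM rhncontentsourcessl WHERE ca_cert_id = ?", (key_id,))
    return rows

if __name__ == "__main__":
    db = open_db()
    print("blocked by:", referencing_rows(db, 1))
    print("delete before unassigning:", try_delete_key(db, 1))
    print("removed:", remove_assignments(db, 1))
    print("delete after unassigning:", try_delete_key(db, 1))
```
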