[Spacewalk-list] More Spacewalk 26 Certificate Problems....can't get 3rd party cert to work with osa-dispatcher and jabber

Eric ericb at enrsystems.com
Wed Jun 7 19:23:00 UTC 2017 

Hi Avi, 

Thanks for the reply.  The Redhat Satellite 5.4 and later docs have this line 
for the install:

# cp /etc/httpd/conf/ssl.key/server.key /etc/jabberd/server.pem
# cat /etc/httpd/conf/ssl.crt/server.crt >> /etc/jabberd/server.pem
# cp /etc/jabberd/server.pem /etc/pki/spacewalk/jabberd/server.pem

This deviates dramatically from the oracle doc.

This step would append the server.crt deployed by the ssl key pair rpm into 
the jabber server.pem file.....which would make it no longer match the one 
deployed by the rpm.

Consequently, based on what I'm seeing......the key pair rpm deploys the pem 
file to /etc/pki/spacewalk/jabberd/  BUT NOT /etc/jabberd

This would ALSO result in a mismatch between those pem files.

I could not fine a newer Oracle document for this procedure....is there 
something newer than the Spacewalk 2.2 doc I referenced earlier?


On Thursday 08 June 2017 05:10:37 Avi Miller wrote:
> Hi,
> 
> > On 8 Jun 2017, at 2:58 am, Eric <ericb at enrsystems.com> wrote:
> > 
> > I primarily used these two docs to perform the install (I could not find a
> > 2.6
> > specific doc):
> The Spacewalk 2.6 docs from Oracle are here:
> https://docs.oracle.com/cd/E52668_01/E85212/html/sw22-replace-cert.html
> > The Oracle doc and most of the other docs do not address the server.pem
> > file for Jabber at all, just has you clear the jabber db and restart.
> 
> Yes, it does. The server.pem is created by rhn-ssl-tool as part of the
> gen-server run and is deployed when you update the
> rhn-org-httpd-ssl-key-pair RPM (after rebuilding it with rhn-ssl-tool). If
> you check the contents of the RPM, you’ll see it listed:
> 
> # rpm -qlp
> /root/ssl-build/swksvr/rhn-org-httpd-ssl-key-pair-swksvr-1.0-rev.noarch.rpm
> 
> /etc/httpd/conf/ssl.crt/server.crt
> /etc/httpd/conf/ssl.csr/server.csr
> /etc/httpd/conf/ssl.key/server.key
> /etc/pki/spacewalk/jabberd/server.pem
> 
> So, assuming you follow our docs completely and recreated the RPMs and then
> installed them as directed on your Spacewalk server, you would have updated
> the server.pem for jabberd as well.
> 
> Cheers,
> Avi
> 
> --
> Oracle <http://www.oracle.com>
> Avi Miller | Product Management Director | +61 (3) 8616 3496
> Oracle Linux and Virtualization
> 417 St Kilda Road, Melbourne, Victoria 3004 Australia
> 
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list