[Spacewalk-list] More Spacewalk 26 Certificate Problems....can't get 3rd party cert to work with osa-dispatcher and jabber

[Avi Miller]

Hi,

> On 8 Jun 2017, at 8:56 am, Avi Miller <avi.miller at oracle.com> wrote:
> 
> So, my advice is to find the Root CA chain for your Venafi-provided certificates and create a full chain certificate as outlined in my Let’s Encrypt blog to see if that works.

More detail: the full chain needs to be provided in RHN-ORG-TRUSTED-SSL-CERT and that must be copied across to /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT because that’s where osa-dispatcher is configured to look by default in /etc/rhn/rhn.conf:

osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT

This is the CA chain file and is used to validate the certificate presented by the Spacewalk web services. In self-signed mode, Spacewalk includes the CA certificate of the Spacewalk server, but this needs to be manually provided when you replace them.

This is documented in our procedure in step 3, which specifies that you need to create the full chain, including all root and intermediate CA certificates, in order from the root down.

Cheers,
Avi

--
Oracle <http://www.oracle.com>
Avi Miller | Product Management Director | +61 (3) 8616 3496
Oracle Linux and Virtualization
417 St Kilda Road, Melbourne, Victoria 3004 Australia