[Spacewalk-list] More Spacewalk 26 Certificate Problems....can't get 3rd party cert to work with osa-dispatcher and jabber

Eric ericb at enrsystems.com
Thu Jun 8 19:26:53 UTC 2017 

SUCCESS!

Ok, so the main issue is that all of the available docs "assume" that the CSR 
is generated on the Spacewalk server, which is not always the case.  Since we 
use a tool for our company, and you do the CSR on the tool itself....you have 
to download that in addition to the cert.  You also have to use the private 
key.

So the additional steps in my case were:

retrieve the CSR and copy it to /root/ssl-build/<hostname>/server.csr

retrieve the .key file, use openssl rsa to strip the password out, and copy it 
to /root/ssl-build/<hostname>/server.key


In addition, these steps in the Redhat doc break osa-dispatcher:

# cp /etc/httpd/conf/ssl.key/server.key /etc/jabberd/server.pem
# cat /etc/httpd/conf/ssl.crt/server.crt >> /etc/jabberd/server.pem
# cp /etc/jabberd/server.pem /etc/pki/spacewalk/jabberd/server.pem

Do NOT do those steps.

With the exception of the additional steps I did regarding the key and csr, I 
followed the current Spacewalk 2.6 Oracle document linked to previously.


Thanks everybody for the help!  



On Thursday 08 June 2017 09:12:23 David Hrbáč wrote:
> Avi,
> 
> I realised meanwhile. Thanks fro sharing. It helped with our CA.
> 
> Thanks,
> DH
> 
> 2017-06-07 21:36 GMT+02:00 Avi Miller <avi.miller at oracle.com>:
> > Hi,
> > 
> > On 8 Jun 2017, at 5:30 am, David Hrbáč <david-lists at hrbac.cz> wrote:
> > 
> > Interesting reading is also here https://omg.dje.li/2017/
> > 04/using-lets-encrypt-ssl-certificates-with-spacewalk/
> > 
> > 
> > Glad you like it, that’s my personal blog. :)
> > 
> > Cheers,
> > Avi
> > 
> > --
> > Oracle <http://www.oracle.com>
> > Avi Miller | Product Management Director | +61 (3) 8616 3496
> > <+61%203%208616%203496>
> > Oracle Linux and Virtualization
> > 417 St Kilda Road, Melbourne, Victoria 3004 Australia
> > 
> > 
> > _______________________________________________
> > Spacewalk-list mailing list
> > Spacewalk-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list