[Spacewalk-list] Auto-deploying renewed cert
Robert Paschedag
robert.paschedag at web.de
Thu Oct 5 20:24:04 UTC 2017
Am 5. Oktober 2017 21:14:28 MESZ schrieb Daryl Rose <darylrose at outlook.com>:
>Avi,
>
>
>I'm using a signed cert, not the self-signed cert that is created on
>installation. The signed cert will expire at the end of the year.
>
>
>Daryl
>
>
>________________________________
>From: spacewalk-list-bounces at redhat.com
><spacewalk-list-bounces at redhat.com> on behalf of Avi Miller
><avi.miller at oracle.com>
>Sent: Thursday, October 5, 2017 1:37 PM
>To: spacewalk-list at redhat.com
>Subject: Re: [Spacewalk-list] Auto-deploying renewed cert
>
>Hi,
>
>
>> On 5 Oct 2017, at 10:52 am, Daryl Rose <darylrose at outlook.com> wrote:
>>
>> To the best of my knowledge, the CA is not changing. So, even though
>the cert expires, I don't have to push out a new cert with the updated
>expiration date? That would be great.
>
>Correct. The certificate that is pushed out to clients is the Spacewalk
>CA certificate (which is self-signed by default), so if that doesn't
>change, there's nothing to update.
>
>Cheers,
>Avio
>
>--
>Oracle <http://www.oracle.com>
>Oracle | Integrated Cloud Applications and Platform
>Services<http://www.oracle.com/>
>www.oracle.com
>Oracle offers a comprehensive and fully integrated stack of cloud
>applications and platform services.
>
>
>
>Avi Miller | Product Management Director | +61 (3) 8616 3496
>Oracle Linux and Virtualization
>417 St Kilda Road, Melbourne, Victoria 3004 Australia
>
>
>_______________________________________________
>Spacewalk-list mailing list
>Spacewalk-list at redhat.com
>https://www.redhat.com/mailman/listinfo/spacewalk-list
>Spacewalk-list Info Page - Red
>Hat<https://www.redhat.com/mailman/listinfo/spacewalk-list>
>www.redhat.com
>Red Hat Linux is the centerpiece of a complete solution that includes
>software, support, training, and services. We feature a broad range of
>solutions to serve a ...
I'm not sure, if we are talking about the same certs. So I define some statements.
Server cert: the certificate your spacewalk webserver uses and which you see when you go to the "admin" page.
CA cert: this is the cert, that signed the "server cert". This is the cert, that has to be deployed (and currently "is" deployed) to all your SW clients.
Now which expires? The "ca cert" or the "server cert"?
If "server cert", then renew it and you're done.
If "ca cert", you have to deploy that to the clients.
Robert
More information about the Spacewalk-list
mailing list