[Spacewalk-list] Auto-deploying renewed cert
Daryl Rose
darylrose at outlook.com
Mon Oct 9 13:12:41 UTC 2017
I just realized that my last reply did not go to the group, but to Robert only. Sorry about that.
I am also thinking that Avi and I are not talking about the same cert. I am not using the signed cert from SW, but I am using a signed cert from an CA.
I found the procedure here on Oracle Docs.
http://docs.oracle.com/cd/E37670_01/E64575/html/swk22-replace-cert.html
Chapter 3 Replacing SSL Certificates on Spacewalk Servers ...<http://docs.oracle.com/cd/E37670_01/E64575/html/swk22-replace-cert.html>
docs.oracle.com
When you install a Spacewalk server or Spacewalk proxy, you create a self-signed SSL certificate that you can use with Spacewalk clients. This section describes how ...
I am using this cert for both the web server as well as between the clients and the SW server.
So, back to my initial question; is there a way to auto deploy this cert when it gets renewed?
Thank you.
Daryl
________________________________
From: Robert Paschedag <robert.paschedag at web.de>
Sent: Thursday, October 5, 2017 3:24 PM
To: spacewalk-list at redhat.com; Daryl Rose; spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Auto-deploying renewed cert
Am 5. Oktober 2017 21:14:28 MESZ schrieb Daryl Rose <darylrose at outlook.com>:
>Avi,
>
>
>I'm using a signed cert, not the self-signed cert that is created on
>installation. The signed cert will expire at the end of the year.
>
>
>Daryl
>
>
>________________________________
>From: spacewalk-list-bounces at redhat.com
><spacewalk-list-bounces at redhat.com> on behalf of Avi Miller
><avi.miller at oracle.com>
>Sent: Thursday, October 5, 2017 1:37 PM
>To: spacewalk-list at redhat.com
>Subject: Re: [Spacewalk-list] Auto-deploying renewed cert
>
>Hi,
>
>
>> On 5 Oct 2017, at 10:52 am, Daryl Rose <darylrose at outlook.com> wrote:
>>
>> To the best of my knowledge, the CA is not changing. So, even though
>the cert expires, I don't have to push out a new cert with the updated
>expiration date? That would be great.
>
>Correct. The certificate that is pushed out to clients is the Spacewalk
>CA certificate (which is self-signed by default), so if that doesn't
>change, there's nothing to update.
>
>Cheers,
>Avio
>
>--
>Oracle <http://www.oracle.com>
Oracle | Integrated Cloud Applications and Platform Services<http://www.oracle.com/>
www.oracle.com
Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.
>Oracle | Integrated Cloud Applications and Platform
>Services<http://www.oracle.com/>
Oracle | Integrated Cloud Applications and Platform Services<http://www.oracle.com/>
www.oracle.com
Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.
>www.oracle.com<http://www.oracle.com>
Oracle | Integrated Cloud Applications and Platform Services<http://www.oracle.com/>
www.oracle.com
Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.
>Oracle offers a comprehensive and fully integrated stack of cloud
>applications and platform services.
>
>
>
>Avi Miller | Product Management Director | +61 (3) 8616 3496
>Oracle Linux and Virtualization
>417 St Kilda Road, Melbourne, Victoria 3004 Australia
>
>
>_______________________________________________
>Spacewalk-list mailing list
>Spacewalk-list at redhat.com
>https://www.redhat.com/mailman/listinfo/spacewalk-list
Spacewalk-list Info Page - Red Hat<https://www.redhat.com/mailman/listinfo/spacewalk-list>
www.redhat.com
Red Hat Linux is the centerpiece of a complete solution that includes software, support, training, and services. We feature a broad range of solutions to serve a ...
>Spacewalk-list Info Page - Red
>Hat<https://www.redhat.com/mailman/listinfo/spacewalk-list>
Spacewalk-list Info Page - Red Hat<https://www.redhat.com/mailman/listinfo/spacewalk-list>
www.redhat.com
Red Hat Linux is the centerpiece of a complete solution that includes software, support, training, and services. We feature a broad range of solutions to serve a ...
>www.redhat.com<http://www.redhat.com>
[https://www.redhat.com/profiles/rh/themes/redhatdotcom/img/Red_Hat_RGB.jpg]<http://www.redhat.com/>
The world's open source leader<http://www.redhat.com/>
www.redhat.com
Red Hat is the world’s leading provider of open source solutions, using a community-powered approach to provide reliable and high-performing cloud, virtualization, storage, Linux, and middleware technologies. Red Hat also offers award-winning support, training, and consulting services. Red Hat is an S&P 500 company with more than 80 offices spanning the globe, empowering its customers’ businesses.
>Red Hat Linux is the centerpiece of a complete solution that includes
>software, support, training, and services. We feature a broad range of
>solutions to serve a ...
I'm not sure, if we are talking about the same certs. So I define some statements.
Server cert: the certificate your spacewalk webserver uses and which you see when you go to the "admin" page.
CA cert: this is the cert, that signed the "server cert". This is the cert, that has to be deployed (and currently "is" deployed) to all your SW clients.
Now which expires? The "ca cert" or the "server cert"?
If "server cert", then renew it and you're done.
If "ca cert", you have to deploy that to the clients.
Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171009/ef81d046/attachment.htm>
More information about the Spacewalk-list
mailing list