[Spacewalk-list] Valid SSL certificate can no longer be verified

[Alexandria Davis]

Spacewalk Mailing List Subscribers,

I've recently installed spacewalk on one of our CentOS servers, and
replaced the root certificate. Last week, the server was working without
issue. This week, however, both Yum and rhnreg_ks are reporting certificate
certificate errors. If I copy the certificate from the browser to the
client server, however, OpenSSL reports that the certificate can be
verified using the installed root certificate. I've also updated the time
on both the client and server to see if this could be a time skew problem,
but saw no change in outcome. The clients can connect over HTTP, however
this would mean using an insecure connection.

Additionally, the problem was found when attempting to add a second client
to Spacewalk, then replicated on the previously attached client, leading me
to believe that this is in fact a server side issue. Does anyone know of
any diagnostic steps I could use to find the problem?

Thank you,
Alexandria Davis

Below is the error information provided when registering a server

>From rhnreg_ks:

The SSL certificate failed verification.
See /var/log/up2date for more information

>From /var/log/up2date:

Traceback (most recent call last):
>   File "/usr/sbin/rhnreg_ks", line 215, in <module>
>     cli.run()
>   File "/usr/lib/python2.6/site-packages/up2date_client/rhncli.py", line
> 94, in run
>     sys.exit(self.main() or 0)
>   File "/usr/sbin/rhnreg_ks", line 93, in main
>     rhnreg.getCaps()
>   File "/usr/lib/python2.6/site-packages/up2date_client/rhnreg.py", line
> 264, in getCaps
>     s.capabilities.validate()
>   File "/usr/lib/python2.6/site-packages/up2date_client/rhnserver.py",
> line 185, in __get_capabilities
>     self.registration.welcome_message()
>   File "/usr/lib/python2.6/site-packages/up2date_client/rhnserver.py",
> line 84, in __call__
>     raise_with_tb(up2dateErrors.SSLCertificateVerifyFailedError())
>   File "/usr/lib/python2.6/site-packages/up2date_client/rhnserver.py",
> line 67, in __call__
>     return rpcServer.doCall(method, *args, **kwargs)
>   File "/usr/lib/python2.6/site-packages/up2date_client/rpcServer.py",
> line 214, in doCall
>     ret = method(*args, **kwargs)
>   File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__
>     return self.__send(self.__name, args)
>   File "/usr/lib/python2.6/site-packages/up2date_client/rpcServer.py",
> line 48, in _request1
>     ret = self._request(methodname, params)
>   File "/usr/lib/python2.6/site-packages/rhn/rpclib.py", line 394, in
> _request
>     self._handler, request, verbose=self._verbose)
>   File "/usr/lib/python2.6/site-packages/rhn/transports.py", line 177, in
> request
>     headers, fd = req.send_http(host, handler)
>   File "/usr/lib/python2.6/site-packages/rhn/transports.py", line 733, in
> send_http
>     self._connection.request(self.method, handler, body=bstr(self.data),
> headers=self.headers)
>   File "/usr/lib64/python2.6/httplib.py", line 973, in request
>     self._send_request(method, url, body, headers)
>   File "/usr/lib64/python2.6/httplib.py", line 1010, in _send_request
>     self.endheaders()
>   File "/usr/lib64/python2.6/httplib.py", line 967, in endheaders
>     self._send_output()
>   File "/usr/lib64/python2.6/httplib.py", line 831, in _send_output
>     self.send(msg)
>   File "/usr/lib64/python2.6/httplib.py", line 810, in send
>     self.sock.sendall(str)
>   File "/usr/lib/python2.6/site-packages/rhn/SSL.py", line 264, in write
>     sent = self._connection.send(data)
> <class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>:
> The SSL certificate failed verification.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180817/90f940fd/attachment.htm>