[Spacewalk-list] Certificat problem by client installation

Tue May 8 17:00:53 UTC 2018

Dear All,

Because our customer has some issue with his prod_spacewalk server to create new system, we decided to clone it has dev_system to do some test and troubleshooting this problem.
Clone and configuration to dev_spacewalk was successfully done.

Version:
==================================
dev_spacewalk : CentOS 7.4.1708
spacewalk ver.: 2.4

Steps
==================================
1) server successfully cloned
2) Change hostname in configuration's file
3) run the script with the new IP ADD : /usr/bin/spacewalk-hostname-rename <ip>
3.1) a new SSL certificate was created
3.2) a private AC key was generated:
            Generating private CA key: /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY
4) Configuring jabber to use PostgreSQL backend because some issue.
5) Successfully start the service:

Error
==================================

Now, we've created a new dev_server and after the installation, we received some issue from kickstart logs:

ERROR: Failed to connect to https://<dev_spacewalk>.local/rpc/api

I've done an another test from this new machine:

<dev_server># spacecmd -s <dev_spacewalk> -u admin -p $(echo passwd | openssl enc -aes-128-cbc -a -d -salt -pass pass:XXXX) --debug
DEBUG: : False
DEBUG: Read configuration from /root/.spacecmd/config
DEBUG: Loading configuration section [spacecmd]
DEBUG: Current Configuration: {'username': 'admin', 'password': '***********', 'server': 'dev_spacewalk'}
Welcome to spacecmd, a command-line interface to Spacewalk.

Type: 'help' for a list of commands
      'help <cmd>' for command-specific help
      'quit' to quit

DEBUG: Configuration section [dev_spacewalk] does not exist
DEBUG: Connecting to https://dev_spacewalk/rpc/api
ERROR: <class 'ssl.SSLError'>
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/spacecmd/misc.py", line 284, in do_login
    self.api_version = self.client.api.getVersion()
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1587, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1301, in single_request
    self.send_content(h, request_body)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1448, in send_content
    connection.endheaders(request_body)
  File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/lib64/python2.7/httplib.py", line 1236, in connect
    server_hostname=sni_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 350, in wrap_socket
    _context=self)
  File "/usr/lib64/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()
  File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
ERROR: Failed to connect to https://<dev_spacewalk>/rpc/api

Questions
==================================

1) How can I check if certificates are ok?
2) Is a certificat's problem or spacewalk? Any Idea how I can debugging?
3) Our customer are using a selfsigned certificat, so I don't think that is a CA certificat problem?
4) All certificats saw ok but this file not. I don't really know how it will be created:

<dev_server># cat /tmp/ssl-key-1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13876969005773671483 (0xc094e5c9943ecc3b)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CH, ST=XXXXX, L=XXXX, O=XXXX, OU=XX, CN=<prod_spacewalk>.local
        Validity
            Not Before: Nov  4 10:50:35 2015 GMT
            Not After : Oct 29 10:50:35 2036 GMT
        Subject: C=XX, ST=XXXXX, L=XXXX, O=XXXX, OU=XX, CN=<prod_spacewalk>.local
        Subject Public Key Info:
            ...
-----END CERTIFICATE-----

Thank you for your help in advance,

Best regard,

Jérôme Meyer
System Engineer
________________________________
[cid:image005.jpg at 01D3E6FE.E34FDD20]<http://www.lcsystems.ch/>
LC Systems-Engineering AG

Tel.:

+41 58 360 89 00

Reinacherstrasse 129

Fax:

+41 58 360 89 01

4053  Basel

Direkt:

+41 58 360 89 14

www.lcsystems.ch

Mobile:

+41 76 438 33 84

Email:

Jerome.Meyer at lcsystems.ch

[cid:image006.jpg at 01D3E6FE.E34FDD20]<http://www.lcsystems.ch/events>
________________________________
Diese Nachricht ist ausschliesslich für den bezeichneten Adressaten oder dessen Vertreter bestimmt. Beachten Sie bitte, dass jede Form der unautorisierten Nutzung, Veröffentlichung, Vervielfältigung oder Weitergabe des Inhaltes der Email nicht gestattet ist. Sollten Sie nicht der vorgesehene Adressat dieser Email oder dessen Vertreter sein, so bitten wir Sie, sich mit dem Absender der Email in Verbindung zu setzen und anschliessend diese Email und sämtliche Anhänge zu löschen.
________________________________
This message is exclusively for the person addressed or their representative. Any form of the unauthorized use, publication, reproduction, copying or disclosure of the content of this e-mail is not permitted. If you are not the intended recipient of this message and its contents, please notify this sender immediately and delete this message and all its attachments subsequently.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180508/347735a5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.jpg
Type: image/jpeg
Size: 2414 bytes
Desc: image005.jpg
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180508/347735a5/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.jpg
Type: image/jpeg
Size: 21858 bytes
Desc: image006.jpg
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180508/347735a5/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5165 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180508/347735a5/attachment.p7s>