[Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

P.Cookson at bham.ac.uk P.Cookson at bham.ac.uk
Thu Feb 28 10:10:57 UTC 2019


Obviously, that will work but you won’t be using the secure layer or addressing the underlying problem!

If you’re getting the same problem with a new client system I can see how you may think it’s a server-related issue. However, the Spacewalk certificate is generated during installation so it would be unusual, I would have thought?

Did you add the certificate to the database (certutil -d sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT), too, as you only mention getting the rpm (rpm -Uvh http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm)?

Regards
Phil

From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> On Behalf Of rui.a.zhou at nokia-sbell.com
Sent: 28 February 2019 09:51
To: spacewalk-list at redhat.com
Cc: Zhu, Ting (NSB - CN/Shanghai) <ting.zhu at nokia-sbell.com>
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error


I think this may not be a problem with the client; when I try to add a new client server it also gets the error: The SSL certificate failed verification.
I found that this helps: changing --serverUrl=https://spacewalk-server/XMLRPC to
--serverUrl=http://spacewalk-server/XMLRPC. The system can be registered.
The reason may be:

  *   System did not have the correct SSL certificate. (I checked; the server and client have the same sslCACert.)
  *   SSL certificate was corrupted. (How to explain this?)


From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of P.Cookson at bham.ac.uk
Sent: 28 February 2019 17:35
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

Hi

It’s a little more involved than that! I produced these notes, for myself, when un-registering a system from a Dev Spacewalk Server and registering it with a Test Spacewalk Server. It’s effectively the same thing that you need to do though.


Spacewalk does not provide an option to un-register a client system (similar to registering - “rhnreg_ks”) - the only option is to remove the client system’s profile from the Spacewalk server.

To remove a client’s profile from the Spacewalk server perform these steps:


  1.  Log in to the Spacewalk Console.
  2.  Click on the Systems tab in the top navigation bar and then click on the name of the system which you want to remove from the Systems List.
  3.  Click the Delete System link in the top-right corner of the page.
  4.  Confirm system profile deletion by clicking the Delete Profile button.
  5.  Now go to the client system and execute below command to remove the associated System ID file:

                # rm /etc/sysconfig/rhn/systemid

In addition, remove Spacewalk certificate for Development and add certificate for Test. Then register client system with Test Spacewalk server:

# certutil -d sql:/etc/pki/nssdb -Dn RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rpm -ev rhn-org-trusted-ssl-cert-1.0-1.noarch
# rpm -Uvh https://<Test Server>/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
# certutil -d sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rhnreg_ks --serverUrl=https://<Test Server>/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=[ACTIVATION KEY]


Note, if you’re using OSAD, the service may have stopped during this process and therefore, will need to be re-started. I’ve also found that, even if it’s still running, I’ve had to restart it before actions were automatically picked up again:

                    # systemctl start osad OR service osad start


Hope this is of help?

Regards
Phil

From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> On Behalf Of rui.a.zhou at nokia-sbell.com
Sent: 28 February 2019 08:57
To: spacewalk-list at redhat.com
Cc: Zhu, Ting (NSB - CN/Shanghai) <ting.zhu at nokia-sbell.com>
Subject: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

I re-installed the spacewalk server, and the client can not register to the new installed server.

[root@FNSHB109 rhn]# rpm -e rhn-org-trusted-ssl-cert-1.0-1.noarch

[root@FNSHB109 rhn]# rpm -Uvh http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Retrieving http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:rhn-org-trusted-ssl-cert-1.0-1   ################################# [100%]

[root@FNSHB109 rhn]# rhnreg_ks --serverUrl=https://spacewalk-server/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos7.6 --force --verbose
D: rpcServer: Calling XMLRPC registration.welcome_message
An error has occurred:
The SSL certificate failed verification.
See /var/log/up2date for more information

[root@FNSHB109 rhn]# cat /etc/sysconfig/rhn/up2date |grep share
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

[Thu Feb 28 16:53:34 2019] up2date D: rpcServer: Calling XMLRPC registration.welcome_message
[Thu Feb 28 16:53:34 2019] up2date
Traceback (most recent call last):
  File "/usr/sbin/rhnreg_ks", line 215, in <module>
    cli.run()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhncli.py", line 94, in run
    sys.exit(self.main() or 0)
  File "/usr/sbin/rhnreg_ks", line 93, in main
    rhnreg.getCaps()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnreg.py", line 264, in getCaps
    s.capabilities.validate()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 185, in __get_capabilities
    self.registration.welcome_message()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 84, in __call__
    raise_with_tb(up2dateErrors.SSLCertificateVerifyFailedError())
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 67, in __call__
    return rpcServer.doCall(method, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 214, in doCall
    ret = method(*args, **kwargs)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 48, in _request1
    ret = self._request(methodname, params)
  File "/usr/lib/python2.7/site-packages/rhn/rpclib.py", line 394, in _request
    self._handler, request, verbose=self._verbose)
  File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 177, in request
    headers, fd = req.send_http(host, handler)
  File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 733, in send_http
    self._connection.request(self.method, handler, body=bstr(self.data), headers=self.headers)
  File "/usr/lib64/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 840, in send
    self.sock.sendall(data)
  File "/usr/lib/python2.7/site-packages/rhn/SSL.py", line 264, in write
    sent = self._connection.send(data)
<class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>: The SSL certificate failed verification.
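
The question raised in this thread, whether the CA file on the client actually validates the certificate the re-installed server presents, can be checked with openssl instead of falling back to http. The following is an added example, not code from any poster or from the Spacewalk project: it builds throwaway certificates offline, the function names and the CA subject are made up for the demonstration, and it goes one step beyond the thread by also checking the hostname used in --serverUrl.

```bash
#!/bin/sh
# Added example with constructed, throwaway certificates; nothing here is from the thread.
# On a real client the server certificate would come from, for instance:
#   openssl s_client -connect <server>:443 -showcerts </dev/null
WORK=$(mktemp -d)
CA_SUBJ="/CN=Constructed Spacewalk CA"   # same subject for both installs, different keys

# make_ca <label>: self-signed CA standing in for one install's RHN-ORG-TRUSTED-SSL-CERT
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$CA_SUBJ" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_server_cert <ca-label> <hostname>: server certificate issued by that CA
make_server_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -out "$WORK/srv.pem" 2>/dev/null
}

# fingerprint <cert>: SHA-256 fingerprint, for comparing the client copy with the server's
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# diagnose <client-ca> <server-cert> <host-in-serverUrl>: name the first failing check
diagnose() {
  if ! openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
    echo "untrusted-chain"    # client CA file does not validate the server certificate
  elif ! openssl x509 -in "$2" -noout -checkhost "$3" | grep -q 'does match'; then
    echo "hostname-mismatch"  # certificate is trusted but issued for another name
  else
    echo "ok"
  fi
}

make_ca old                            # CA left on the client from the previous install
make_ca new                            # CA generated by the re-installed server
make_server_cert new spacewalk-server  # what the new server presents on port 443

diagnose "$WORK/old.pem" "$WORK/srv.pem" spacewalk-server
diagnose "$WORK/new.pem" "$WORK/srv.pem" spacewalk-server
diagnose "$WORK/new.pem" "$WORK/srv.pem" spacewalk-server.example.com
```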