Re: [Spacewalk-list] SSL Errors When rhnreg_ks'ing
On Thu, Jul 28, 2011 at 05:17:31PM -0400, Wojtak, Greg wrote: I started playing around with provisioning today and got to the point where I can get a system kickstarted, but it is not showing up in spacewalk afterwards as a registered system. Looking through the kickstart, I finally tracked it down to an SSL issue when running rhnreg_ks: [root@localhost rhn]# rhnreg_ks --serverUrl=https://spacewalk/XMLRPC https://ql2spacewalk1/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-eab559ea4aaccb6911f1f0bf8e1ff973,1-centos-6-x86_64 An error has occurred: class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError' See /var/log/up2date for more information This hasn't been in issue in the past because when we register systems manually, we've always done so with http (no SSL). I was running apache httpd with an SSL cert generated from our internal PKI infrastructure, so I replaced that with the cert created by the spacewalk installer. I still get the same error. Is the time on the client and on the server in sync? -- Jan Pazdziora Principal Software Engineer, Satellite Engineering, Red Hat ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
Re: [Spacewalk-list] SSL Errors When rhnreg_ks'ing
All our servers are in sync with each other. The good news is, I kept hacking around and got it working. The solution was ridiculously simple: 1) cd /root/ssl-build 2) cp server.crt /etc/pki/tls/certs 3) cp server.key /etc/pki/tls/private 4) service httpd reload 5) profit So now I am able to register clients over https and have their communications working properly. Is there a document that shows how to use a purchased certificate (or in our case, our own CA) to properly create the httpd and jabber certs as well as setting up the CA cert on the clients? Thanks! Greg On 2011-07-29 11:51 AM, Jan Pazdziora jpazdzi...@redhat.com wrote: On Thu, Jul 28, 2011 at 05:17:31PM -0400, Wojtak, Greg wrote: I started playing around with provisioning today and got to the point where I can get a system kickstarted, but it is not showing up in spacewalk afterwards as a registered system. Looking through the kickstart, I finally tracked it down to an SSL issue when running rhnreg_ks: [root@localhost rhn]# rhnreg_ks --serverUrl=https://spacewalk/XMLRPC https://ql2spacewalk1/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-eab559ea4aaccb6911f1f0bf8e1ff973,1-centos-6-x86_64 An error has occurred: class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError' See /var/log/up2date for more information This hasn't been in issue in the past because when we register systems manually, we've always done so with http (no SSL). I was running apache httpd with an SSL cert generated from our internal PKI infrastructure, so I replaced that with the cert created by the spacewalk installer. I still get the same error. Is the time on the client and on the server in sync? -- Jan Pazdziora Principal Software Engineer, Satellite Engineering, Red Hat ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
[Spacewalk-list] SSL Errors When rhnreg_ks'ing
I started playing around with provisioning today and got to the point where I can get a system kickstarted, but it is not showing up in spacewalk afterwards as a registered system. Looking through the kickstart, I finally tracked it down to an SSL issue when running rhnreg_ks: [root@localhost rhn]# rhnreg_ks --serverUrl=https://spacewalk/XMLRPC https://ql2spacewalk1/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-eab559ea4aaccb6911f1f0bf8e1ff973,1-centos-6-x86_64 An error has occurred: class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError' See /var/log/up2date for more information This hasn't been in issue in the past because when we register systems manually, we've always done so with http (no SSL). I was running apache httpd with an SSL cert generated from our internal PKI infrastructure, so I replaced that with the cert created by the spacewalk installer. I still get the same error. I guess what I'm looking for is either a) how can I tell spacewalk to use http instead of httpd to register new systems or b) how can I get SSL working? Thanks! Greg Wojtak ___ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
