One note I'll add about intermediary CAs is that they need to be SSL v3
certificates, and they need to be set to the CA type. This is quite
different from root CAs, as most clients assume that a self-signed v1
certificate is a CA.
Barlow
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4
By using the pulp-qpid-ssl-cfg and using your own CA and key, it then used the
CA to create a certificate for the broker and the client, and it also adds them
to an NSS database.
Interestingly, your server.conf doesn't
On 10/28/2014 09:04 AM, Ashby, Jason (IMS) wrote:
Add your root and intermediary CAs to system CA bundle (copy ca-bundle.crt
out to all consumers too):
openssl x509 -in /etc/pki/pulp_certs/rootca.crt -text >> /etc/pki/tls/certs/ca-bundle.crt
openssl x509 -in /etc/pki/pulp_certs/pulpca.crt
On 10/28/2014 09:04 AM, Ashby, Jason (IMS) wrote:
ssl_ca_certificate: /etc/pki/pulp_certs/pulpca_chain.crt
This setting is used as a CA to add to consumer yum repo configs. If you
use a trusted CA certificate in httpd's ssl.conf (recommended), you
don't need this. Also, this does not need to be
Yes, that's very helpful. Didn't know that existed. I've been re-adding my CA
to it after OS updates myself, but this is much better.
On Oct 28, 2014, at 10:20 AM, Randy Barlow rbar...@redhat.com wrote:
On 10/28/2014 09:04 AM, Ashby, Jason (IMS) wrote:
Add your root and intermediary CAs to
-list-boun...@redhat.com [mailto:pulp-list-boun...@redhat.com]
On Behalf Of Brian Bouterse
Sent: Friday, October 24, 2014 3:22 PM
To: Randy Barlow
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4
By using the pulp-qpid-ssl-cfg and using your own CA and key, it then used
] On
Behalf Of Brian Bouterse
Sent: Friday, October 24, 2014 3:22 PM
To: Randy Barlow
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4
By using the pulp-qpid-ssl-cfg and using your own CA and key, it then used the
CA to create a certificate
...@redhat.com [mailto:pulp-list-boun...@redhat.com]
On Behalf Of Brian Bouterse
Sent: Friday, October 24, 2014 3:22 PM
To: Randy Barlow
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4
By using the pulp-qpid-ssl-cfg and using your own CA and key, it then used
the CA to create
Hi all,
Apologies up front for the long email :). I just upgraded from Pulp 2.3 to 2.4
and I'm having an issue with Qpid over SSL. Is anyone using Qpid over SSL
(port 5671) successfully in pulp 2.4? I don't see much chatter about it, so I
can't find much info. I'm almost out of ideas for
-guide.readthedocs.org/en/latest/broker-settings.html#qpid-with-ssl
-Brian
- Original Message -
From: Jason Ashby (IMS) ash...@imsweb.com
To: pulp-list@redhat.com
Sent: Friday, October 24, 2014 9:55:00 AM
Subject: [Pulp-list] Qpid SSL on Pulp 2.4
Hi all,
Apologies up front
, October 24, 2014 10:27 AM
To: Ashby, Jason (IMS)
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4
Hi Jason,
I've successfully used Qpid over SSL with Pulp 2.4 with port 5671. I see that
you've configured the Qpid side of the SSL connection, but is server.conf for
pulp
- Original Message -
From: Jason Ashby (IMS) ash...@imsweb.com
To: Brian Bouterse bbout...@redhat.com
Cc: pulp-list@redhat.com
Sent: Friday, October 24, 2014 11:11:50 AM
Subject: RE: [Pulp-list] Qpid SSL on Pulp 2.4
Hi Brian,
Thanks for the reply. For now, I'll ditch
-list@redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4
Hi Jason,
I think the simplest description of the problem you have is that httpd won't
start. It looks like httpd won't start because the settings in server.conf are
not correct or point to files that don't provide the necessary aspects
On 10/24/2014 12:34 PM, Ashby, Jason (IMS) wrote:
Not sure where you saw httpd was not starting, but anyway httpd starts up
fine and seems to be working OK, at least when testing with curl or openssl.
There are some complaints in the httpd logs I listed below, but other than
that httpd
...@example.com
enabled: false
-Original Message-
From: pulp-list-boun...@redhat.com [mailto:pulp-list-boun...@redhat.com] On
Behalf Of Randy Barlow
Sent: Friday, October 24, 2014 2:04 PM
To: pulp-list@redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4
On 10/24/2014 12:34 PM, Ashby, Jason (IMS
On 10/24/2014 02:19 PM, Ashby, Jason (IMS) wrote:
[messaging]
url: ssl://127.0.0.1:5671
cacert: /etc/pki/pulp/qpid/ca.crt
clientcert: /etc/pki/pulp/qpid/client.crt
Is that cacert the cert that signed the certificate that qpid is
configured to use? And is that client cert signed by the CA that
a path: /etc/pki/pulp_certs/pulpca.key
Does that answer your questions?
-Original Message-
From: Randy Barlow [mailto:rbar...@redhat.com]
Sent: Friday, October 24, 2014 2:31 PM
To: Ashby, Jason (IMS); pulp-list@redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4
On 10/24/2014 02:19 PM
...@redhat.com [mailto:pulp-list-boun...@redhat.com] On
Behalf Of Ashby, Jason (IMS)
Sent: Friday, October 24, 2014 2:40 PM
To: 'Randy Barlow'; pulp-list@redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4
Those certs are the ones generated by /usr/bin/pulp-qpid-ssl-cfg. I accepted
the defaults