On Fri, Nov 02, 2012 at 04:37:50PM +0100, Steve Meier wrote: > Dear all, > > I am currently in the process of migrating my Spacewalk servers from > self-signed to "trusted" certificates. > > I am using rhn-ssl-tool to build a new RPM with keys but encountered one > problem. While the help and > the man page say that there is a --ca-cert option it is not recognized when I > call rhn-ssl-tool like this: > > [root@spacewalk ssl-build]# rhn-ssl-tool --gen-server --rpm-only > --server-key=server.key --server-cert=server.crt > --ca-cert=startssl-class2-server.pem > usage: rhn-ssl-tool [options] > > rhn-ssl-tool: error: no such option: --ca-cert > > Am I doing something wrong or is there an inconsistency between code and > documentation? >
Alright -- the --ca-cert is not available during --gen-server --rpm-only. On Fri, Nov 02, 2012 at 12:09:00PM -0400, Boyd, Robert wrote: > Jan, > > When I check the help for --gen-server on 1.7 this is what I see: > > rhn-ssl-tool --gen-server --help > Usage: rhn-ssl-tool [options] > > If confused, please refer to the man page or other documentation > for sample usage. [...] > This seems to be in conflict with what is in the man page, which as you say > makes no mention of --ca-cert under --gen-server. > The rhn-ssl-tool --gen-server --help presumably lists all the options for --gen-server, but some combinations don't mix'n'match. If you do rhn-ssl-tool --gen-server --rpm-only --help, you will narrow the list down to those that are supported for the rpm-only operation. When indeed, you just pack what was already generated. -- Jan Pazdziora Principal Software Engineer, Satellite Engineering, Red Hat _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
