Oh... Wait a minute!!!Am 28.10.2015 8:01 vorm. schrieb Robert Paschedag <robert.pasche...@web.de>: > > As long as the root CA did NOT change, your steps should work and no client > need to update anything. > > You don't need to clear the jabber db. > > Regards > RobertAm 28.10.2015 3:14 vorm. schrieb Jun <j...@mle.org>: > > > > Hoping someone can offer some advice on the following situation. > > > > Have an internal spacewalk 2.2 server that is using a third-party CA > > certificate (not an internal CA) > > * The CSR used for the current ssl certificate specified the CN with > > the short hostname (not FQDN). For example, if hostname = > > myserver.domain.com, CN = myserver > > * The ssl certificate is expiring. > > * The third-party CA is no longer issuing ssl certificates for short > > hostnames > > > > Would like to use the same CA and minimize impact. > > > > Would something like this be sufficient; if not, appreciate any > > suggestions: > > * manually generate a new CSR with CN with fully qualified hostname > > using the existing server key > > * submit CSR to same third-party CA > > * backup /etc/httpd/conf/ssl.*, /etc/pki, /root/ssl-build, > > /var/www/html/pub, jabberd/server.pem > > install new third-party CA ssl certificate: > > During maintenance: > > * replace a copy of the new ssl certificate (.crt) and .csr in Apache > > directories > > * convert crt to pem and update /etc/pki/spacewalk/jabberd/server.pem > > * stop spacewalk > > * clear jabber database > > * start spacewalk > > > > Hoping the clients do not have to be updated (i.e. > > /etc/sysconfig/rhn/up2date or RHN-ORG-TRUSTED-SSL-CERT) > > Appears they are referencing the shortname (but the domain being used > > is in the dns search order) > > > > Thank you for your advice. > > > > _______________________________________________ > > Spacewalk-list mailing list > > Spacewalk-list@redhat.com > > https://www.redhat.com/mailman/listinfo/spacewalk-list > > _______________________________________________ > Spacewalk-list mailing list > Spacewalk-list@redhat.com > https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list