Obviously, that will work but you won’t be using the secure layer or addressing 
the underlying problem!

If you’re getting the same problem with a new client system I can see how you 
may think it’s a server related issue. However, the Spacewalk certificate is 
generated during installation so it would be unusual, I would have thought?

Did you add the certificate to the database (certutil -d sql:/etc/pki/nssdb -An 
RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT), 
too, as you only mention getting the rpm (rpm -Uvh 
http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm)?

Regards
Phil

From: spacewalk-list-boun...@redhat.com <spacewalk-list-boun...@redhat.com> On 
Behalf Of rui.a.z...@nokia-sbell.com
Sent: 28 February 2019 09:51
To: spacewalk-list@redhat.com
Cc: Zhu, Ting (NSB - CN/Shanghai) <ting....@nokia-sbell.com>
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error


I think this may not be the problem of the client; when I try to add a new client 
server it also has the error: The SSL certificate failed verification.
I find this helps: change the --serverUrl=https://spacewalk-server/XMLRPC to
--serverUrl=http://spacewalk-server/XMLRPC. The system can be registered.
The reason may be:

  *   System did not have the correct SSL certificate.(I check, server and 
client have the same sslCACert)
  *   SSL certificate was corrupted.(how to explain this?)


From: spacewalk-list-boun...@redhat.com 
[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of p.cook...@bham.ac.uk
Sent: 28 February 2019 17:35
To: spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Hi

It’s a little more involved than that! I produced these notes, for myself, when 
un-registering a system from a Dev Spacewalk Server and registering it with a 
Test Spacewalk Server. It’s effectively the same thing that you need to do 
though.


Spacewalk does not provide an option to un-register a client system (similar to 
registering - “rhnreg_ks”) - the only option is to remove the client system’s 
profile from the Spacewalk server.

To remove a client’s profile from the Spacewalk server perform these steps:


  1.  Log in to the Spacewalk Console.
  2.  Click on the Systems tab in the top navigation bar and then click on the 
name of the system which you want to remove from the Systems List.
  3.  Click the Delete System link in the top-right corner of the page.
  4.  Confirm system profile deletion by clicking the Delete Profile button.
  5.  Now go to the client system and execute below command to remove the 
associated System ID file:

                # rm /etc/sysconfig/rhn/systemid

In addition, remove Spacewalk certificate for Development and add certificate 
for Test. Then register client system with Test Spacewalk server:

# certutil -d sql:/etc/pki/nssdb -Dn RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rpm -ev rhn-org-trusted-ssl-cert-1.0-1.noarch
# rpm -Uvh https://<Test Server>/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
# certutil -d sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rhnreg_ks --serverUrl=https://<Test Server>/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=[ACTIVATION KEY]


Note, if you’re using OSAD, the service may have stopped during this process 
and therefore, will need to be re-started. I’ve also found that, even if it’s 
still running, I’ve had to restart it before actions were automatically picked 
up again:

                    # systemctl start osad OR service osad start


Hope this is of help?

Regards
Phil

From: spacewalk-list-boun...@redhat.com <spacewalk-list-boun...@redhat.com> On 
Behalf Of rui.a.z...@nokia-sbell.com
Sent: 28 February 2019 08:57
To: spacewalk-list@redhat.com
Cc: Zhu, Ting (NSB - CN/Shanghai) <ting....@nokia-sbell.com>
Subject: [Spacewalk-list] Registration to the new server via rhnreg_ks returns 
an SSL error

I re-installed the Spacewalk server, and the client cannot register to the newly 
installed server.

[root@FNSHB109 rhn]# rpm -e rhn-org-trusted-ssl-cert-1.0-1.noarch

[root@FNSHB109 rhn]# rpm -Uvh 
http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Retrieving http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:rhn-org-trusted-ssl-cert-1.0-1   ################################# [100%]

[root@FNSHB109 rhn]# rhnreg_ks --serverUrl=https://spacewalk-server/XMLRPC 
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos7.6 
--force --verbose
D: rpcServer: Calling XMLRPC registration.welcome_message
An error has occurred:
The SSL certificate failed verification.
See /var/log/up2date for more information

[root@FNSHB109 rhn]# cat /etc/sysconfig/rhn/up2date |grep share
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

[Thu Feb 28 16:53:34 2019] up2date D: rpcServer: Calling XMLRPC 
registration.welcome_message
[Thu Feb 28 16:53:34 2019] up2date
Traceback (most recent call last):
  File "/usr/sbin/rhnreg_ks", line 215, in <module>
    cli.run()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhncli.py", line 94, in 
run
    sys.exit(self.main() or 0)
  File "/usr/sbin/rhnreg_ks", line 93, in main
    rhnreg.getCaps()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnreg.py", line 264, 
in getCaps
    s.capabilities.validate()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 
185, in __get_capabilities
    self.registration.welcome_message()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 84, 
in __call__
    raise_with_tb(up2dateErrors.SSLCertificateVerifyFailedError())
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 67, 
in __call__
    return rpcServer.doCall(method, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 
214, in doCall
    ret = method(*args, **kwargs)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 48, 
in _request1
    ret = self._request(methodname, params)
  File "/usr/lib/python2.7/site-packages/rhn/rpclib.py", line 394, in _request
    self._handler, request, verbose=self._verbose)
  File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 177, in 
request
    headers, fd = req.send_http(host, handler)
  File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 733, in 
send_http
    self._connection.request(self.method, handler, body=bstr(self.data), 
headers=self.headers)
  File "/usr/lib64/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 840, in send
    self.sock.sendall(data)
  File "/usr/lib/python2.7/site-packages/rhn/SSL.py", line 264, in write
    sent = self._connection.send(data)
<class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>: The SSL 
certificate failed verification.
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
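
An added example, not part of the thread and not Spacewalk's own tooling: it reproduces offline the failure mode discussed above, where a re-installed server has generated a new CA and the CA file still installed on the client no longer verifies the server certificate. The CAs (old-ca, new-ca) are constructed throw-away stand-ins, the function names are hypothetical, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example. The two CAs are constructed throw-away stand-ins for the
# Spacewalk CA before and after a server re-install; all names are hypothetical.

# make_ca DIR NAME: create a self-signed CA key and certificate in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_server_cert DIR CA_NAME HOST: issue DIR/server.crt for HOST from that CA.
issue_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

# ca_trusts_server CA_FILE SERVER_CERT: succeed only if SERVER_CERT chains to CA_FILE.
ca_trusts_server() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_fingerprint FILE: print the certificate's SHA-256 fingerprint.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_client CA_FILE SERVER_CERT: print which outcome the client would see.
check_client() {
    if ca_trusts_server "$1" "$2"; then
        echo "OK: CA $(cert_fingerprint "$1") verifies the server"
    else
        echo "FAIL: CA $(cert_fingerprint "$1") did not issue the server certificate"
    fi
}

work=$(mktemp -d)
make_ca "$work" old-ca      # what the client still trusts
make_ca "$work" new-ca      # what the re-installed server generated
issue_server_cert "$work" new-ca spacewalk-server
check_client "$work/old-ca.crt" "$work/server.crt"   # stale CA on the client
check_client "$work/new-ca.crt" "$work/server.crt"   # CA re-fetched from the server
rm -rf "$work"
```

On a real client the first argument would be /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT and the second the certificate the server presents; comparing fingerprints of the client and server copies of the CA file is a stricter check than comparing the sslCACert path.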
