Am 28. Februar 2019 11:10:57 MEZ schrieb "p.cook...@bham.ac.uk" <p.cook...@bham.ac.uk>: >Obviously, that will work but you won’t be using the secure layer or >addressing the underlying problem! > >If you’re getting the same problem with a new client system I can see >how you may think it’s a server related issue. However, the Spacewalk >certificate is generated during installation so it would be un-usual, I >would have thought? > >Did you add the certificate to the database (certutil -d >sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai >/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT), too, as you only mention >getting the rpm (rpm -Uvh >http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm)? > >Regards >Phil > >From: spacewalk-list-boun...@redhat.com ><spacewalk-list-boun...@redhat.com> On Behalf Of >rui.a.z...@nokia-sbell.com >Sent: 28 February 2019 09:51 >To: spacewalk-list@redhat.com >Cc: Zhu, Ting (NSB - CN/Shanghai) <ting....@nokia-sbell.com> >Subject: Re: [Spacewalk-list] Registration to the new server via >rhnreg_ks returns an SSL error > > >I think this may not the problem of the client, when I try to add new >client server it also has the error: The SSL certificate failed >verification. >I find this help, change the >--serverUrl=https://spacewalk-server/XMLRPC to >--serverUrl=http://spacewalk-server/XMLRPC. The system can be >registerd, > The reason maybe: > >* System did not have the correct SSL certificate.(I check, server >and client have the same sslCACert) > * SSL certificate was corrupted.(how to explain this?)
This is just a standard SSL issue. Nothing special with spacewalk. If you're connecting to https://spacewalk-server/, "spacewalk-server" has to be included within the SSL certificate. And if that is missing, the certificate may be valid but you still get the verification error . Robert > > >From: >spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> >[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of >p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk> >Sent: 2019年2月28日 17:35 >To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com> >Subject: Re: [Spacewalk-list] Registration to the new server via >rhnreg_ks returns an SSL error > >Hi > >It’s a little more involved than that! I produced these notes, for >myself, when un-registering a system from a Dev Spacewalk Server and >registering it with a Test Spacewalk Server. It’s effectively the same >thing that you need to do though. > > >Spacewalk does not provide an option to un-register a client system >(similar to registering - “rhnreg_ks”) - the only option is to remove >the client system’s profile from the Spacewalk server. > >To remove a client’s profile from the Spacewalk server perform these >steps: > > > 1. Log in to the Spacewalk Console. >2. Click on the Systems tab in the top navigation bar and then click >on the name of the system which you want to remove from the Systems >List. > 3. Click the Delete System link in the top-right corner of the page. >4. Confirm system profile deletion by clicking the Delete Profile >button. >5. Now go to the client system and execute below command to remove the >associated System ID file: > > # rm /etc/sysconfig/rhn/systemid > >In addition, remove Spacewalk certificate for Development and add >certificate for Test. Then register client system with Test Spacewalk >server: > ># certutil -d sql:/etc/pki/nssdb -Dn RHN-ORG-TRUSTED-SSL-CERT -t C,, >-ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT ># rpm -ev rhn-org-trusted-ssl-cert-1.0-1.noarch ># rpm -Uvh https://<Test<https://%3cTest> >Server>/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm ># certutil -d sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, >-ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT ># rhnreg_ks --serverUrl=https://<Test Server>/XMLRPC >--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT >--activationkey=[ACTIVATION KEY] > > >Note, if you’re using OSAD, the service may have stopped during this >process and therefore, will need to be re-started. I’ve also found >that, even if it’s still running, I’ve had to restart it before actions >were automatically picked up again: > > # systemctl start osad OR service osad start > > >Hope this is of help? > >Regards >Phil > >From: >spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> ><spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>> >On Behalf Of >rui.a.z...@nokia-sbell.com<mailto:rui.a.z...@nokia-sbell.com> >Sent: 28 February 2019 08:57 >To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com> >Cc: Zhu, Ting (NSB - CN/Shanghai) ><ting....@nokia-sbell.com<mailto:ting....@nokia-sbell.com>> >Subject: [Spacewalk-list] Registration to the new server via rhnreg_ks >returns an SSL error > >I re-installed the spacewalk server, and the client can not register to >the new installed server. > >[root@FNSHB109 rhn]# rpm -e rhn-org-trusted-ssl-cert-1.0-1.noarch > >[root@FNSHB109 rhn]# rpm -Uvh >http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm >Retrieving >http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm >Preparing... ################################# >[100%] >Updating / installing... >1:rhn-org-trusted-ssl-cert-1.0-1 ################################# >[100%] > >[root@FNSHB109 rhn]# rhnreg_ks >--serverUrl=https://spacewalk-server/XMLRPC >--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT >--activationkey=1-centos7.6 --force --verbose >D: rpcServer: Calling XMLRPC registration.welcome_message >An error has occurred: >The SSL certificate failed verification. >See /var/log/up2date for more information > >[root@FNSHB109 rhn]# cat /etc/sysconfig/rhn/up2date |grep share >sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT > >[Thu Feb 28 16:53:34 2019] up2date D: rpcServer: Calling XMLRPC >registration.welcome_message >[Thu Feb 28 16:53:34 2019] up2date >Traceback (most recent call last): > File "/usr/sbin/rhnreg_ks", line 215, in <module> > cli.run() >File "/usr/lib/python2.7/site-packages/up2date_client/rhncli.py", line >94, in run > sys.exit(self.main() or 0) > File "/usr/sbin/rhnreg_ks", line 93, in main > rhnreg.getCaps() >File "/usr/lib/python2.7/site-packages/up2date_client/rhnreg.py", line >264, in getCaps > s.capabilities.validate() >File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", >line 185, in __get_capabilities > self.registration.welcome_message() >File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", >line 84, in __call__ > raise_with_tb(up2dateErrors.SSLCertificateVerifyFailedError()) >File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", >line 67, in __call__ > return rpcServer.doCall(method, *args, **kwargs) >File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", >line 214, in doCall > ret = method(*args, **kwargs) > File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__ > return self.__send(self.__name, args) >File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", >line 48, in _request1 > ret = self._request(methodname, params) >File "/usr/lib/python2.7/site-packages/rhn/rpclib.py", line 394, in >_request > self._handler, request, verbose=self._verbose) >File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 177, in >request > headers, fd = req.send_http(host, handler) >File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 733, in >send_http >self._connection.request(self.method, handler, body=bstr(self.data), >headers=self.headers) > File "/usr/lib64/python2.7/httplib.py", line 1017, in request > self._send_request(method, url, body, headers) > File "/usr/lib64/python2.7/httplib.py", line 1051, in _send_request > self.endheaders(body) > File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders > self._send_output(message_body) > File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output > self.send(msg) > File "/usr/lib64/python2.7/httplib.py", line 840, in send > self.sock.sendall(data) > File "/usr/lib/python2.7/site-packages/rhn/SSL.py", line 264, in write > sent = self._connection.send(data) ><class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>: >The SSL certificate failed verification. -- sent from my mobile device _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list