On 2 March 2019 00:55:20 CET, "Zhou, Rui A. (NSB - CN/Shanghai)" <rui.a.z...@nokia-sbell.com> wrote:
>My problem was resolved, I reset my login password and it works now!

I doubt that a login reset fixes an SSL verification error but if you're happy now, all is good. ;-)

Robert

>
>-----Original Message-----
>From: Zhou, Rui A. (NSB - CN/Shanghai)
>Sent: 1 March 2019 19:02
>To: spacewalk-list@redhat.com; robert.pasche...@web.de
>Cc: Zhu, Ting (NSB - CN/Shanghai) <ting....@nokia-sbell.com>
>Subject: RE: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error
>
>Very sad to say, they are the same, I think if the file in hosts has
>some impacts? I find I have not written the configuration before. I will
>try and tell the result later.
>
>[root@spacewalk-server pxelinux.cfg]# cat /etc/hosts
>127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
>::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
>135.251.206.139 spacewalk-server
>
>Client:
>[root@FNSHA172 yum.repos.d]# cat /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>Certificate:
>    Data:
>        Version: 3 (0x2)
>        Serial Number:
>            91:88:95:56:dd:6c:6d:0d
>
>Server:
>[root@spacewalk-server ~]# cat /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
>Certificate:
>    Data:
>        Version: 3 (0x2)
>        Serial Number:
>            91:88:95:56:dd:6c:6d:0d
>
>-----Original Message-----
>From: spacewalk-list-boun...@redhat.com [mailto:spacewalk-list-boun...@redhat.com] On Behalf Of p.cook...@bham.ac.uk
>Sent: 1 March 2019 17:09
>To: robert.pasche...@web.de; spacewalk-list@redhat.com
>Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error
>
>Whether you re-installed the Spacewalk application on the same server
>or a different one, a new certificate should have been produced after
>running "spacewalk-setup."
>
>Subsequently, the certificate can be viewed on the server:
>
>cat /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
>
>OR
>
>WebUI -> Systems (Top Menu) -> Kickstart (Left Menu) -> GPG and SSL
>Keys -> RHN-ORG-TRUSTED-SSL-CERT -> Key contents
>
>If everything has been done correctly, to register the client, the
>certificate can be viewed on there too:
>
>cat /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>
>If they don't match, you'll have a problem!
>
>Like Robert says, it seems to be "just" an SSL issue really but,
>obviously, the certificate is being generated by the Spacewalk
>application installation.
>
>Regards
>Phil
>
>-----Original Message-----
>From: robert.pasche...@web.de <robert.pasche...@web.de>
>Sent: 28 February 2019 16:47
>To: spacewalk-list@redhat.com; Philip Cookson (IT Services) <p.cook...@bham.ac.uk>; spacewalk-list@redhat.com
>Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error
>
>On 28 February 2019 11:10:57 CET, "p.cook...@bham.ac.uk" <p.cook...@bham.ac.uk> wrote:
>>Obviously, that will work but you won’t be using the secure layer or
>>addressing the underlying problem!
>>
>>If you’re getting the same problem with a new client system I can see
>>how you may think it’s a server related issue. However, the Spacewalk
>>certificate is generated during installation so it would be un-usual, I
>>would have thought?
>>
>>Did you add the certificate to the database (certutil -d
>>sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai
>>/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT), too, as you only mention
>>getting the rpm (rpm -Uvh
>>http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm)?
>>
>>Regards
>>Phil
>>
>>From: spacewalk-list-boun...@redhat.com <spacewalk-list-boun...@redhat.com> On Behalf Of rui.a.z...@nokia-sbell.com
>>Sent: 28 February 2019 09:51
>>To: spacewalk-list@redhat.com
>>Cc: Zhu, Ting (NSB - CN/Shanghai) <ting....@nokia-sbell.com>
>>Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error
>>
>>I think this may not be the problem of the client, when I try to add a new
>>client server it also has the error: The SSL certificate failed
>>verification.
>>I find this help, change the
>>--serverUrl=https://spacewalk-server/XMLRPC to
>>--serverUrl=http://spacewalk-server/XMLRPC. The system can be
>>registered. The reason maybe:
>>
>>  * System did not have the correct SSL certificate. (I check, server and client have the same sslCACert)
>>  * SSL certificate was corrupted. (how to explain this?)
>
>This is just a standard SSL issue. Nothing special with spacewalk.
>
>If you're connecting to https://spacewalk-server/, "spacewalk-server"
>has to be included within the SSL certificate. And if that is missing,
>the certificate may be valid but you still get the verification error.
>
>Robert
>
>>
>>From: spacewalk-list-boun...@redhat.com [mailto:spacewalk-list-boun...@redhat.com] On Behalf Of p.cook...@bham.ac.uk
>>Sent: 28 February 2019 17:35
>>To: spacewalk-list@redhat.com
>>Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error
>>
>>Hi
>>
>>It’s a little more involved than that! I produced these notes, for
>>myself, when un-registering a system from a Dev Spacewalk Server and
>>registering it with a Test Spacewalk Server. It’s effectively the same
>>thing that you need to do though.
>>
>>Spacewalk does not provide an option to un-register a client system
>>(similar to registering - “rhnreg_ks”) - the only option is to remove
>>the client system’s profile from the Spacewalk server.
>>
>>To remove a client’s profile from the Spacewalk server perform these
>>steps:
>>
>>  1. Log in to the Spacewalk Console.
>>  2. Click on the Systems tab in the top navigation bar and then click
>>     on the name of the system which you want to remove from the Systems
>>     List.
>>  3. Click the Delete System link in the top-right corner of the page.
>>  4. Confirm system profile deletion by clicking the Delete Profile
>>     button.
>>  5. Now go to the client system and execute below command to remove the
>>     associated System ID file:
>>
>>     # rm /etc/sysconfig/rhn/systemid
>>
>>In addition, remove Spacewalk certificate for Development and add
>>certificate for Test. Then register client system with Test Spacewalk
>>server:
>>
>># certutil -d sql:/etc/pki/nssdb -Dn RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>># rpm -ev rhn-org-trusted-ssl-cert-1.0-1.noarch
>># rpm -Uvh https://<Test Server>/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
>># certutil -d sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>># rhnreg_ks --serverUrl=https://<Test Server>/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=[ACTIVATION KEY]
>>
>>Note, if you’re using OSAD, the service may have stopped during this
>>process and therefore, will need to be re-started. I’ve also found
>>that, even if it’s still running, I’ve had to restart it before actions
>>were automatically picked up again:
>>
>>     # systemctl start osad OR service osad start
>>
>>Hope this is of help?
>>
>>Regards
>>Phil
>>
>>From: spacewalk-list-boun...@redhat.com <spacewalk-list-boun...@redhat.com> On Behalf Of rui.a.z...@nokia-sbell.com
>>Sent: 28 February 2019 08:57
>>To: spacewalk-list@redhat.com
>>Cc: Zhu, Ting (NSB - CN/Shanghai) <ting....@nokia-sbell.com>
>>Subject: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error
>>
>>I re-installed the spacewalk server, and the client can not register to
>>the new installed server.
>>
>>[root@FNSHB109 rhn]# rpm -e rhn-org-trusted-ssl-cert-1.0-1.noarch
>>
>>[root@FNSHB109 rhn]# rpm -Uvh http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
>>Retrieving http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
>>Preparing...                          ################################# [100%]
>>Updating / installing...
>>   1:rhn-org-trusted-ssl-cert-1.0-1   ################################# [100%]
>>
>>[root@FNSHB109 rhn]# rhnreg_ks --serverUrl=https://spacewalk-server/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos7.6 --force --verbose
>>D: rpcServer: Calling XMLRPC registration.welcome_message
>>An error has occurred:
>>The SSL certificate failed verification.
>>See /var/log/up2date for more information
>>
>>[root@FNSHB109 rhn]# cat /etc/sysconfig/rhn/up2date |grep share
>>sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>>
>>[Thu Feb 28 16:53:34 2019] up2date D: rpcServer: Calling XMLRPC registration.welcome_message
>>[Thu Feb 28 16:53:34 2019] up2date
>>Traceback (most recent call last):
>>  File "/usr/sbin/rhnreg_ks", line 215, in <module>
>>    cli.run()
>>  File "/usr/lib/python2.7/site-packages/up2date_client/rhncli.py", line 94, in run
>>    sys.exit(self.main() or 0)
>>  File "/usr/sbin/rhnreg_ks", line 93, in main
>>    rhnreg.getCaps()
>>  File "/usr/lib/python2.7/site-packages/up2date_client/rhnreg.py", line 264, in getCaps
>>    s.capabilities.validate()
>>  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 185, in __get_capabilities
>>    self.registration.welcome_message()
>>  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 84, in __call__
>>    raise_with_tb(up2dateErrors.SSLCertificateVerifyFailedError())
>>  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 67, in __call__
>>    return rpcServer.doCall(method, *args, **kwargs)
>>  File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 214, in doCall
>>    ret = method(*args, **kwargs)
>>  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
>>    return self.__send(self.__name, args)
>>  File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 48, in _request1
>>    ret = self._request(methodname, params)
>>  File "/usr/lib/python2.7/site-packages/rhn/rpclib.py", line 394, in _request
>>    self._handler, request, verbose=self._verbose)
>>  File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 177, in request
>>    headers, fd = req.send_http(host, handler)
>>  File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 733, in send_http
>>    self._connection.request(self.method, handler, body=bstr(self.data), headers=self.headers)
>>  File "/usr/lib64/python2.7/httplib.py", line 1017, in request
>>    self._send_request(method, url, body, headers)
>>  File "/usr/lib64/python2.7/httplib.py", line 1051, in _send_request
>>    self.endheaders(body)
>>  File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
>>    self._send_output(message_body)
>>  File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
>>    self.send(msg)
>>  File "/usr/lib64/python2.7/httplib.py", line 840, in send
>>    self.sock.sendall(data)
>>  File "/usr/lib/python2.7/site-packages/rhn/SSL.py", line 264, in write
>>    sent = self._connection.send(data)
>><class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>:
>>The SSL certificate failed verification.
>
>
>--
>sent from my mobile device
>
>_______________________________________________
>Spacewalk-list mailing list
>Spacewalk-list@redhat.com
>https://www.redhat.com/mailman/listinfo/spacewalk-list