[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pulp-list] Debugging SSL errors



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A question came in the chat room about getting Invalid SSL certificate
errors when using client/server on separate machines. This turned out to
not be the issue of the server SSL cert having a CN that's different
than what's configured in the client.conf, but I still went down that
route for debugging.

Since we can't be 100% sure how their httpd was necessarily set up, I
found myself looking up and telling the user to check the cert
configured for httpd for its CN. That was cumbersome to describe, so I
took a stab at writing a one-liner we can tell users to run to see what
the CN is.


# openssl x509 -subject -nameopt sname -noout -in `grep -e
"^SSLCertificateFile" /etc/httpd/conf.d/ssl.conf | awk '{print $2}'` |
awk -F "/" '{print $7}'


That results in something like:

CN=guardian

In this example the client.conf should use "guardian" for the server.

If anyone is better with openssl than I am, I'm all ears. The "-subject"
part rips out the subject for me, but I couldn't find any options to
further grab the CN out of it.


- -- 
Jay Dobies
RHCE# 805008743336126
Freenode: jdob
http://pulpproject.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNkPRnAAoJEOMmcTqOSQHCejwH/Rlb+SZhwbzKjk93dmYGv5jF
xOQ9+vPB9R4YwY8ZpITB9Cb/ooCmhAQ1CHckbfd88hFRD4DAOGIUMc2FOPrUC9Ri
RBwBVvCj4Gz7HfuOH1EcOn4UzJt/xQTzEGvh2/rGyqrWEqk8ufYDcldCtYbCr5lB
nBv/0d4ksn109Dc+fwFnAMkFoJo87WPlhUeQJaezfdVhVIrW3tHZjgrYDywamhzH
QTchl4IYi6knxd8JMzDldbOHVR93P23gBA0PJwKzcw9cHwvCBnIj/2loX0wYsqC2
ZREbAAsdPY0VY36usY3IULJawRI7gOnQD0TFFag+oKckv4onoBI32kzUgqeCbx8=
=HeBl
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]