[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pulp-list] [katello-devel] Pulp Repo Auth configuration change



Hey James,

in Katello, we do use GLOBAL CA CERT. Are we also affected with this
bug? I understand it it only bites when using per-repo certs.

We only set cert_location in the repo_auth.conf.

LZ

On Thu, Feb 16, 2012 at 04:18:47PM -0500, James Slagle wrote:
> I just fixed a bug which was sending down the wrong CA certificate to use to
> verify the server during a yum operation on a pulp consumer.  The fix has not
> yet been included in a release, but if you're running from a git checkout,
> this could affect your setup.
> 
> The fix makes use of the ssl_ca_certificate configuration option in
> /etc/pulp/pulp.conf.  This option must be set to the full path of the CA
> certificate that signed the server's httpd SSL certificate.  If not set, it
> will default to /etc/pki/pulp/ssl_ca.crt.  The path must be readable by the
> apache user.
> 
> If you're using a self signed certificate, then provide the path to that
> certificate, it serves as both the server certficiate and a CA certificate.
> 
> If you have repo auth enabled in your pulp setup, be sure to make this
> configuration change.
> 
> Here's the bug with more detail:
> https://bugzilla.redhat.com/show_bug.cgi?id=790157
> 
> --
> -- James Slagle
> --
> 
> _______________________________________________
> katello-devel mailing list
> katello-devel redhat com
> https://www.redhat.com/mailman/listinfo/katello-devel

-- 
Later,

 Lukas Zapletal | E32E400A
 RHN Satellite Engineering
 Red Hat Czech s.r.o. Brno


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]