[Spacewalk-list] Certificate woes

Plummer, Christina E. Christina.Plummer at energyeast.com
Wed Jul 9 20:24:22 UTC 2008


Hello all,

I am trying to get Spacewalk set up on a RHEL5 x86_64 machine (virtual).
Of course I went through all the recompiling and banging my head against
the oracle-instantclient packages not properly reporting what libraries
they provide, etc., etc., and finally got all the packages to install to
yum's satisfaction before I saw today that x86_64 binary packages are
now available.  Ah, well.  

But I still have not been able to get through the 'spacewalk-setup
--disconnected' step.  When it asks for my certificate, I get this
error:
** Loading Satellite Certificate.
** Verifying certificate locally.
There was a problem activating the satellite: Could not parse certificate file.

Now, I am not at all certain that I have done everything properly with
the cert.  First I just modified the template-eval.cert and re-signed it
with gen-oss-sat-cert.pl.  Then I created a fresh one (without using
--resign).  I tried to follow the directions on the Wiki, but had some
challenges with GPG.  Just updating the /etc/rhn/default/rhn_web.conf
file did not seem to be enough to get the rhn-satellite-activate step to
succeed.  I ultimately just moved the /etc/webapp-keyring.gpg aside,
created a link to there from /etc/pubring.gpg, and ran the gpg --import
commands with the additional option of --homedir=/etc, and got that to
work (at least as far as I can tell):

# rhn-satellite-activate --disconnected --rhn-cert=/usr/share/spacewalk/setup/myneweval.cert -vvv --ignore-version-mismatch
HTTP_PROXY: None
HTTP_PROXY_USERNAME: None
HTTP_PROXY_PASSWORD: <password>
CA_CERT: /usr/share/rhn/RHNS-CA-CERT
Checking cert XML sanity and GPG signature: '/usr/bin/validate-sat-cert.pl --keyring /etc/webapp-keyring.gpg /etc/sysconfig/rhn/rhn-entitlement-cert.xml-14607-1215634070.73302698'
Database connectioned initialized: refer to default_db setting in /etc/rhn/rhn.conf
Attempting local RHN Certificate push (and therefore activation)

But still, the spacewalk-setup does not like my certificate file.  Here
is the cert I am trying to use:

<?xml version="1.0" encoding="UTF-8"?>
<rhn-cert version="0.1">
  <rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
  <rhn-cert-field name="owner">My Company</rhn-cert-field>
  <rhn-cert-field name="issued">2008-07-09 16:04:00</rhn-cert-field>
  <rhn-cert-field name="expires">2019-12-31 11:59:00</rhn-cert-field>
  <rhn-cert-field name="slots">125</rhn-cert-field>
  <rhn-cert-field name="generation">2</rhn-cert-field>
  <rhn-cert-signature>
-----BEGIN PGP SIGNATURE-----
Version: Crypt::OpenPGP 1.03

iQBGBAARAwAGBQJIdRmwAAoJEC0HkYVqGGJCiRQAoJOqAgSKy8xgLOiFA3in/F+C
myY0AJ4zZNGyNKOx4UiR/Y8Z2emV7ikFGw==
=rg+l
-----END PGP SIGNATURE-----
</rhn-cert-signature>
</rhn-cert>


What am I missing here?

Thanks.




