[Spacewalk-list] Certificate woes
Plummer, Christina E.
Christina.Plummer at energyeast.com
Wed Jul 9 20:24:22 UTC 2008
Hello all,
I am trying to get Spacewalk set up on a RHEL5 x86_64 machine (virtual).
Of course I went through all the recompiling and banging my head against
the oracle-instantclient packages not properly reporting what libraries
they provide, etc etc, and finally got all the packages to install to
yum's satisfaction before I saw today that x86_64 binary packages are
now available. Ah, well.
But I still have not been able to get through the 'spacewalk-setup
--disconnected' step. When it asks for my certificate, I get this
error:
** Loading Satellite Certificate.
** Verifying certificate locally.
There was a problem activating the satellite: Could not parse
certificate file.
Now, I am not at all certain that I have done everything properly with
the cert. First I just modified the template-eval.cert and resigned it
with gen-oss-sat-cert.pl. Then I created a fresh one (without using
--resign). I tried to follow the directions on the Wiki, but had some
challenges with GPG. Just updating the /etc/rhn/default/rhn_web.conf
file did not seem to be enough to get the rhn-satellite-activate step to
succeed. I ultimately just moved the /etc/webapp-keyring.gpg aside,
created a link to there from /etc/pubring.gpg, and ran the gpg --import
commands with the additional option of --homedir=/etc, and got that to
work (at least as far as I can tell):
# rhn-satellite-activate --disconnected
--rhn-cert=/usr/share/spacewalk/setup/myneweval.cert -vvv
--ignore-version-mismatch
HTTP_PROXY: None
HTTP_PROXY_USERNAME: None
HTTP_PROXY_PASSWORD: <password>
CA_CERT: /usr/share/rhn/RHNS-CA-CERT
Checking cert XML sanity and GPG signature:
'/usr/bin/validate-sat-cert.pl --keyring /etc/webapp-keyring.gpg
/etc/sysconfig/rhn/rhn-entitlement-cert.xml-14607-1215634070.73302698'
Database connectioned initialized: refer to default_db setting in
/etc/rhn/rhn.conf
Attempting local RHN Certificate push (and therefore activation)
But still, the spacewalk-setup does not like my certificate file. Here
is the cert I am trying to use:
<?xml version="1.0" encoding="UTF-8"?>
<rhn-cert version="0.1">
<rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
<rhn-cert-field name="owner">My Company</rhn-cert-field>
<rhn-cert-field name="issued">2008-07-09 16:04:00</rhn-cert-field>
<rhn-cert-field name="expires">2019-12-31 11:59:00</rhn-cert-field>
<rhn-cert-field name="slots">125</rhn-cert-field>
<rhn-cert-field name="generation">2</rhn-cert-field>
<rhn-cert-signature>
-----BEGIN PGP SIGNATURE-----
Version: Crypt::OpenPGP 1.03
iQBGBAARAwAGBQJIdRmwAAoJEC0HkYVqGGJCiRQAoJOqAgSKy8xgLOiFA3in/F+C
myY0AJ4zZNGyNKOx4UiR/Y8Z2emV7ikFGw==
=rg+l
-----END PGP SIGNATURE-----
</rhn-cert-signature>
</rhn-cert>
What am I missing here?
Thanks.
More information about the Spacewalk-list
mailing list