[Spacewalk-list] SSL Verify problem with osa-dispatcher

A Robinson spacehobble at googlemail.com
Fri Jul 16 16:17:49 UTC 2010 

Solved it,  for the benefit of others looking for more information
osa-dispatcher uses

/var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT for the CA and jabber uses
/etc/pki/spacewalk/jabberd/server.pem which is installed by the rpm.
(/etc/jabberd/server.pem isn't used)

openssl x509 -text server.pem and checking Authority Key Identifier is
useful tool! :)

On Fri, Jul 16, 2010 at 11:59 AM, A Robinson <spacehobble at googlemail.com> wrote:
> I also followed similar howtos and have the same problem. -- I
> couldn't find any solution posted to the list.
>
> Thanks
>
> On Tue, Apr 27, 2010 at 4:17 PM, Sascha Bendix
> <bendsa at idmt.fraunhofer.de> wrote:
>> Hi,
>>
>> I changed the certificates of a spacewalk instance. I found several
>> howto like
>> http://unfuckablelinux.com/2008/07/02/spacewalk-and-avoiding-self-signed-certificates/
>> or http://www.marcus-moeller.de/spacewalk/spacewalk-ssl-zertifikat.html .
>>
>> After a restart of spacewalk the osa-dispatcher quits with the message:
>>
>> Starting osa-dispatcher: RHN 2360 2010/04/27 16:52:34 +02:00:
>> ('Traceback caught:',)
>> RHN 2360 2010/04/27 16:52:34 +02:00: ('Traceback (most recent call
>> last):\n  File "/usr/share/rhn/osad/jabber_lib.py", line 620, in
>> connect\n    ssl.do_handshake()\nError: [(\'SSL routines\',
>> \'SSL3_GET_SERVER_CERTIFICATE\', \'certificate verify failed\')]\n',)
>>                                                           [FAILED]
>>
>> I tried to debug the problem but didn't got very far. I assume that
>> python didn't trust the CA certificate.
>>
>> I found several similar posts but the certificate belongs to the fqdn, I
>> could verify the certificate agaist the ca and the jabberd virtual host
>> works on the fqdn, too.
>>
>> Can you give me a hint, why python can't verify the certificate or how I
>> can add my ca certificate to the trusted certs?
>>
>> Regards,
>>
>> Sascha Bendix
>>
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>
>

More information about the Spacewalk-list mailing list