[Spacewalk-list] registering on the same host

Colin Coe colin.coe at gmail.com
Wed Apr 20 03:19:04 UTC 2011 

I have no experience with RHN Proxy (or the Spacewalk equiv) but to my
knowledge /etc/rhn/rhn.conf is supposed to be 0600.  It contains
passwords, etc so it should not be world visible.

The rhn-org-trusted-ssl-cert RPM should be found at
http://your.spacewalk.com/pub/

RHNS-CA-CERT is for use with the RHN, not for spacewalk or even RHN
Satellite.  Spacewalk/RHN Satellite use RHN-ORG-TRUSTED-SSL-CERT which
is generated during the Spacewalk/Satellite installation.

CC

On Tue, Apr 19, 2011 at 5:28 PM, Assaf Flatto
<assaf.flatto at goldmoney.com> wrote:
> I managed to solve the issue .
> For some reason the /etc/rhn/rhn.conf file is starting with 600 permissions
> and  hence the httpd process can not access and read the file .
> once chmod 644 to the file is done , the registration works.
>
>
>
> On 18 Apr 2011, at 15:26, Assaf Flatto wrote:
>
> * PGP Signed: 18/04/2011 at 15:26:12
> Hello
> I've reinstalled  my server on an RHEL6 platform and since i want the server
> to be the proxy to the RH network , i wished to register the host as a
> client on the server ( same host)
> This is the error I got :
>
> rhnreg_ks --serverUrl=https://host.foo.com/XMLRPC
> --activationkey=1-18ec022c1a02a7bccd8594c57013ff5b --force
> An error has occurred:
> <class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>
> See /var/log/up2date for more information
> [root at host ~]#  less /var/log/up2date
> [root at host ~]# tail -20  /var/log/up2date
>   File "/usr/share/rhn/up2date_client/rhnserver.py", line 64, in __call__
>     raise up2dateErrors.SSLCertificateVerifyFailedError()
> <class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>: The
> SSL certificate /usr/share/rhn/RHNS-CA-CERT failed verification.
> [Mon Apr 18 14:11:04 2011] up2date
> Traceback (most recent call last):
>   File "/usr/sbin/rhnreg_ks", line 213, in <module>
>     cli.run()
>   File "/usr/share/rhn/up2date_client/rhncli.py", line 74, in run
>     sys.exit(self.main() or 0)
>   File "/usr/sbin/rhnreg_ks", line 90, in main
>     rhnreg.getCaps()
>   File "/usr/share/rhn/up2date_client/rhnreg.py", line 231, in getCaps
>     s.capabilities.validate()
>   File "/usr/share/rhn/up2date_client/rhnserver.py", line 156, in
> __get_capabilities
>     self.registration.welcome_message()
>   File "/usr/share/rhn/up2date_client/rhnserver.py", line 64, in __call__
>     raise up2dateErrors.SSLCertificateVerifyFailedError()
> <class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>: The
> SSL certificate /usr/share/rhn/RHNS-CA-CERT failed verification.
>
> It seems this was a known issue in older versions that was resolved with
> a rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm , but I was unable to find any
> place to download this rpm .
> when I tried to find out what provides the SSL certification , i got this
> result
> yum provides /usr/share/rhn/RHNS-CA-CERT
> Loaded plugins: refresh-packagekit, rhnplugin
> rhn-client-tools-1.0.0-38.el6.noarch : Support programs and libraries for
> Red Hat Network or Spacewalk
> Repo        : InstallMedia
> Matched from:
> Filename    : /usr/share/rhn/RHNS-CA-CERT
> rhn-client-tools-1.0.0-39.el6.noarch : Support programs and libraries for
> Red Hat Network or Spacewalk
> Repo        : rhel-x86_64-server-6
> Matched from:
> Filename    : /usr/share/rhn/RHNS-CA-CERT
> rhn-client-tools-1.4.16-1.el6.noarch : Support programs and libraries for
> Red Hat Network or Spacewalk
> Repo        : spacewalk
> Matched from:
> Filename    : /usr/share/rhn/RHNS-CA-CERT
> rhn-client-tools-1.3.12-1.el6.noarch : Support programs and libraries for
> Red Hat Network or Spacewalk
> Repo        : spacewalk-client
> Matched from:
> Filename    : /usr/share/rhn/RHNS-CA-CERT
> rhn-client-tools-1.4.16-1.el6.noarch : Support programs and libraries for
> Red Hat Network or Spacewalk
> Repo        : installed
> Matched from:
> Other       : Provides-match: /usr/share/rhn/RHNS-CA-CERT
> I am not sure which of those is the correct one to use , so I have no idea
> how to proceed from this point .
> Any one can help ?
> Thanks
> Assaf
> * Assaf Flatto <assaf.flatto at goldmoney.com>
> * 0xE32D7EC6
>
> * PGP Unprotected
> * text/plain body
>
> * PGP Unprotected
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
>
> * PGP Signed: 18/04/2011 at 15:26:12
> * text/plain body
> * text/html body
> * Assaf Flatto <assaf.flatto at goldmoney.com>
> * 0xE32D7EC6
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>



-- 
RHCE#805007969328369

More information about the Spacewalk-list mailing list