[Spacewalk-list] Help with client connection to Spacewalk Proxy via SSL with CA signed cert
William Clark
majorgearhead at gmail.com
Mon Aug 15 15:30:40 UTC 2011
I have yet to get OSA through the proxies to work. This is my next thing to tackle. I will report back once I have this sorted.
William Clark
On Aug 15, 2011, at 6:38 AM, Wojtak, Greg wrote:
> I've had this same issue. I had to revert back to the self-signed cert for httpd in order to get OSA and provisioning to work properly.
>
> From: Jeremy Davis <jdavis4102 at gmail.com<mailto:jdavis4102 at gmail.com>>
> Reply-To: "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
> Date: Fri, 12 Aug 2011 20:16:36 -0400
> To: "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
> Subject: Re: [Spacewalk-list] Help with client connection to Spacewalk Proxy via SSL with CA signed cert
>
> William,
>
> Are you using osa-dispatcher and osad for remote command functionality between the App server and all clients/proxy servers? I have been trying to get a signed SSL cert to work and been having issues with getting osa-dispatcher to restart using the new cert. If you are using this could you provide a step by step on how you have been able to get a signed cert to work with your setup? Thank you for your time and have a great day!
>
> Thanks,
> Jeremy
>
> On Fri, Aug 12, 2011 at 12:44 PM, William Clark <majorgearhead at gmail.com<mailto:majorgearhead at gmail.com>> wrote:
> I solved the issue. I took the csr in /etc/httpd/conf/ssl.csr and used that to get a signed cert from my CA. I then took the resultant cert and moved it to /etc/httpd/conf/ssl.crt/server.crt. I then restarted httpd and I no longer get ssl errors on clients trying to connect to the proxy with ssl. Nothing else broke in the process so I believe I am good to go.
>
> William Clark
>
> On Aug 12, 2011, at 11:07 AM, William Clark wrote:
>
>> Here is some background on the system I am running. I currently have a single spacewalk server running SW1.4 and I have 2 proxy servers running proxy 1.4.
>>
>> On my spacewalk server I have a CA signed cert and set everything up for that. I connected the proxy's and they communicate to the master server over ssl with no issues. The problem comes in when I try to connect via SSL from a client to one of the proxy servers. I get SSL certificate errors. I suspect that this may have something to do with the fact that I have a CA signed cert on the master but not the proxy's. So when the proxy's try and validate their self signed certs against the CA chain I have from a valid CA they cannot validate their certs.
>>
>> Question is, is there a way to get CA signed certs in place on the proxy's so that I can connect to the proxy's from clients via SSL?
>>
>> William Clark
>>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
>
>
> --
> Thank you,
> Jeremy Davis, GCIH
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
More information about the Spacewalk-list
mailing list