[Spacewalk-list] Question About Setting web.gpg_keyring in /etc/rhn/default/rhn_web.conf

Michael Mraka michael.mraka at redhat.com
Fri Jan 7 13:56:45 UTC 2011


Kenneth Stailey wrote:
% Hi,
% 
% The Spacewalk trac has a section on creating a GPG key here:
% 
% https://fedorahosted.org/spacewalk/wiki/CertCreation
% 
% It says to modify web.gpg_keyring in /etc/rhn/default/rhn_web.conf to point to a different keyring than the default of /etc/webapp-keyring.gpg
% 
% I went to take a look at what is in /etc/webapp-keyring.gpg on a newly-installed Spacewalk server and I see:
% 
% gpg --list-keys --no-default-keyring --keyring /etc/webapp-keyring.gpg
% gpg: WARNING: unsafe ownership on configuration file `/home/ksta/.gnupg/gpg.conf'
% /etc/webapp-keyring.gpg
% -----------------------
% pub   1024D/E9496BD6 2008-06-12
% uid                  Spacewalk (Certificate Signing Key) <jmrodri at nc.rr.com>
% 
% pub   1024D/06947932 2004-02-18 [expires: 2014-02-15]
% uid                  Red Hat Network (Satellite Certificate Signing Key) <rhn-feedback at redhat.com>
% sub   2048g/C71F2F5C 2004-02-18 [expires: 2014-02-15]
% 
% If I modify web.gpg_keyring in /etc/rhn/default/rhn_web.conf to point to a different keyring than the default of /etc/webapp-keyring.gpg will it stop using those keys and if so will doing that have any adverse effects?

These key are used only to localy verify certificate via rhn-satellite-activate --disconnected.
So it's sane to point it to your keyring when using self signed certificate.

Regards,

--
Michael Mráka
Satellite Engineering, Red Hat




More information about the Spacewalk-list mailing list