[Spacewalk-list] clients can't register - ssl cert problem

Matthew Darcy MDarcy at sch-group.net
Tue May 24 14:42:29 UTC 2011 

I tried not to post this to the list as I thought I had it resolved, but I've hit a brick wall.

I've got a spacewalk 1.4 server on Centos 5.6 64bit with Oracle XE backend.

I had a mild DNS problem (see my prevous post to the list) which to resovle I had to change the SSL certificate on the spacwalk server to be the FQDN.

This resolved my problem, builds started registering again and could use the spacewalk server for updates etc.

I continued to tune/tweak some parts of the kickstart builds, nothing on the spacewalk server, just the builds and now the kickstart builds are not registering witht he server.

When I do a rhn_register on a client I get told it's failed and I should look in the up2date log.

The up2date log shows a large python backtrace


  1.
[Tue May 24 13:12:38 2011] up2date
  2.
Traceback (most recent call last):
  3.
  File "/usr/sbin/rhnreg_ks", line 213, in ?
  4.
    cli.run()
  5.
  File "/usr/share/rhn/up2date_client/rhncli.py", line 74, in run
  6.
    sys.exit(self.main() or 0)
  7.
  File "/usr/sbin/rhnreg_ks", line 90, in main
  8.
    rhnreg.getCaps()
  9.
  File "/usr/share/rhn/up2date_client/rhnreg.py", line 231, in getCaps
  10.
    s.capabilities.validate()
  11.
  File "/usr/share/rhn/up2date_client/rhnserver.py", line 156, in __get_capabilities
  12.
    self.registration.welcome_message()
  13.
  File "/usr/share/rhn/up2date_client/rhnserver.py", line 64, in __call__
  14.
    raise up2dateErrors.SSLCertificateVerifyFailedError()
  15.
up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The SSL certificate /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT failed verification.
  16.

  17.
[Tue May 24 13:18:40 2011] rhn_register
  18.
Traceback (most recent call last):
  19.
  File "/usr/sbin/rhn_register", line 76, in ?
  20.
    app.run()
  21.
  File "/usr/share/rhn/up2date_client/rhncli.py", line 74, in run
  22.
    sys.exit(self.main() or 0)
  23.
  File "/usr/sbin/rhn_register", line 58, in main
  24.
    ui.main()
  25.
  File "/usr/share/rhn/up2date_client/tui.py", line 1263, in main
  26.
    tui.run()
  27.
  File "/usr/share/rhn/up2date_client/tui.py", line 1221, in run
  28.
    result = win.run()
  29.
  File "/usr/share/rhn/up2date_client/tui.py", line 236, in run
  30.
    tui_call_wrapper(self.screen, rhnreg.getCaps)
  31.
  File "/usr/share/rhn/up2date_client/tui.py", line 86, in tui_call_wrapper
  32.
    FatalErrorWindow(screen, e.errmsg)
  33.
exceptions.AttributeError: SSLCertificateVerifyFailedError instance has no attribute 'errmsg'
  34.

  35.
[Tue May 24 13:25:19 2011] rhn_register
  36.
Traceback (most recent call last):
  37.
  File "/usr/sbin/rhn_register", line 76, in ?
  38.
    app.run()
  39.
  File "/usr/share/rhn/up2date_client/rhncli.py", line 74, in run
  40.
    sys.exit(self.main() or 0)
  41.
  File "/usr/sbin/rhn_register", line 58, in main
  42.
    ui.main()
  43.
  File "/usr/share/rhn/up2date_client/tui.py", line 1263, in main
  44.
    tui.run()
  45.
  File "/usr/share/rhn/up2date_client/tui.py", line 1221, in run
  46.
    result = win.run()
  47.
  File "/usr/share/rhn/up2date_client/tui.py", line 236, in run
  48.
    tui_call_wrapper(self.screen, rhnreg.getCaps)
  49.
  File "/usr/share/rhn/up2date_client/tui.py", line 86, in tui_call_wrapper
  50.
    FatalErrorWindow(screen, e.errmsg)
  51.
exceptions.AttributeError: SSLCertificateVerifyFailedError instance has no attribute 'errmsg'
  52.

  53.
[Tue May 24 13:28:23 2011] rhn_register
  54.
Traceback (most recent call last):
  55.
  File "/usr/sbin/rhn_register", line 76, in ?
  56.
    app.run()
  57.
  File "/usr/share/rhn/up2date_client/rhncli.py", line 74, in run
  58.
    sys.exit(self.main() or 0)
  59.
  File "/usr/sbin/rhn_register", line 58, in main
  60.
    ui.main()
  61.
  File "/usr/share/rhn/up2date_client/tui.py", line 1263, in main
  62.
    tui.run()
  63.
  File "/usr/share/rhn/up2date_client/tui.py", line 1221, in run
  64.
    result = win.run()
  65.
  File "/usr/share/rhn/up2date_client/tui.py", line 236, in run
  66.
    tui_call_wrapper(self.screen, rhnreg.getCaps)
  67.
  File "/usr/share/rhn/up2date_client/tui.py", line 86, in tui_call_wrapper
  68.
    FatalErrorWindow(screen, e.errmsg)
  69.
exceptions.AttributeError: SSLCertificateVerifyFailedError instance has no attribute 'errmsg'

I can see the problem is a failure with the SSL certificate at registration time



if I look in /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT on the CLIENT machine the certificate is exactly the same as the one on the spacewalk machine



[root at spacewalk01 auth]# ls -la /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
-rw-r--r-- 1 root root 5467 May 24 11:23 /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

[root at vmbuild01 rhn]# ls -la RHN-ORG-TRUSTED-SSL-CERT
-rw-r--r-- 1 root root 5467 May 24 11:29 RHN-ORG-TRUSTED-SSL-CERT



any suggestions as to what would cause this would be most welcome as I had a working spacewalk machine and I can't figure out what I've done to break this.



Thanks



Matt





______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20110524/3106418f/attachment.htm>

More information about the Spacewalk-list mailing list