[Spacewalk-list] rhn-ssl-tool inconsistency

Boyd, Robert Robert.Boyd at peoplefluent.com
Fri Nov 2 16:09:00 UTC 2012 

Jan,

When I check the help for --gen-server on 1.7 this is what I see:

rhn-ssl-tool --gen-server --help
Usage: rhn-ssl-tool [options]

If confused, please refer to the man page or other documentation
for sample usage.

Options:
  --gen-server          generate the web server's SSL key set, RPM and tar
                        archive. Review "--gen-server --help" for more
                        information.
  --server-key=SERVER_KEY
                        the web server's SSL private key filename (default:
                        server.key)
  --server-cert-req=SERVER_CERT_REQ
                        location of the web server's SSL certificate request
                        filename (default: server.csr)
  -p PASSWORD, --password=PASSWORD
                        CA password
  --ca-cert=CA_CERT     CA certificate filename (default: RHN-ORG-TRUSTED-SSL-
                        CERT)
  --ca-key=CA_KEY       CA private key filename (default: RHN-ORG-PRIVATE-SSL-
                        KEY)
  --startdate=STARTDATE
                        start date for the web server's SSL certificate
                        validity (format: YYMMDDHHMMSSZ - where Z is a letter;
                        default is 1 week ago: 121026155251Z)
  --server-cert=SERVER_CERT
                        the web server SSL certificate filename (default:
                        server.crt)
...


This seems to be in conflict with what is in the man page, which as you say makes no mention of --ca-cert under --gen-server.

Robert Boyd
Sr System Engineer | Peoplefluent
p. 919-645-2972 | c. 919-306-4681
 
e. Robert.Boyd at peoplefluent.com 
Visit: www.peoplefluent.com | Read: Peoplefluent Blog
Follow: @peoplefluent | Download: iPad App




-----Original Message-----
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Jan Pazdziora
Sent: Friday, November 02, 2012 11:52 AM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] rhn-ssl-tool inconsistency

On Fri, Nov 02, 2012 at 04:37:50PM +0100, Steve Meier wrote:
> Dear all,
> 
> I am currently in the process of migrating my Spacewalk servers from self-signed to "trusted" certificates.
> 
> I am using rhn-ssl-tool to build a new RPM with keys but encountered 
> one problem. While the help and the man page say that there is a --ca-cert option it is not recognized when I call rhn-ssl-tool like this:
> 
> [root at spacewalk ssl-build]# rhn-ssl-tool --gen-server --rpm-only 
> --server-key=server.key --server-cert=server.crt 
> --ca-cert=startssl-class2-server.pem
> usage: rhn-ssl-tool [options]
> 
> rhn-ssl-tool: error: no such option: --ca-cert
> 
> Am I doing something wrong or is there an inconsistency between code and documentation?

I can see the --ca-cert option only mentioned for --gen-ca, not for --gen-server.

--
Jan Pazdziora
Principal Software Engineer, Satellite Engineering, Red Hat

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list