[Spacewalk-list] rhn-ssl-tool inconsistency
Boyd, Robert
Robert.Boyd at peoplefluent.com
Fri Nov 2 16:09:00 UTC 2012
Jan,
When I check the help for --gen-server on 1.7 this is what I see:
rhn-ssl-tool --gen-server --help
Usage: rhn-ssl-tool [options]
If confused, please refer to the man page or other documentation
for sample usage.
Options:
--gen-server generate the web server's SSL key set, RPM and tar
archive. Review "--gen-server --help" for more
information.
--server-key=SERVER_KEY
the web server's SSL private key filename (default:
server.key)
--server-cert-req=SERVER_CERT_REQ
location of the web server's SSL certificate request
filename (default: server.csr)
-p PASSWORD, --password=PASSWORD
CA password
--ca-cert=CA_CERT CA certificate filename (default: RHN-ORG-TRUSTED-SSL-
CERT)
--ca-key=CA_KEY CA private key filename (default: RHN-ORG-PRIVATE-SSL-
KEY)
--startdate=STARTDATE
start date for the web server's SSL certificate
validity (format: YYMMDDHHMMSSZ - where Z is a letter;
default is 1 week ago: 121026155251Z)
--server-cert=SERVER_CERT
the web server SSL certificate filename (default:
server.crt)
...
This seems to be in conflict with what is in the man page, which as you say makes no mention of --ca-cert under --gen-server.
Robert Boyd
Sr System Engineer | Peoplefluent
p. 919-645-2972 | c. 919-306-4681
e. Robert.Boyd at peoplefluent.com
Visit: www.peoplefluent.com | Read: Peoplefluent Blog
Follow: @peoplefluent | Download: iPad App
-----Original Message-----
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Jan Pazdziora
Sent: Friday, November 02, 2012 11:52 AM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] rhn-ssl-tool inconsistency
On Fri, Nov 02, 2012 at 04:37:50PM +0100, Steve Meier wrote:
> Dear all,
>
> I am currently in the process of migrating my Spacewalk servers from self-signed to "trusted" certificates.
>
> I am using rhn-ssl-tool to build a new RPM with keys but encountered
> one problem. While the help and the man page say that there is a --ca-cert option it is not recognized when I call rhn-ssl-tool like this:
>
> [root at spacewalk ssl-build]# rhn-ssl-tool --gen-server --rpm-only
> --server-key=server.key --server-cert=server.crt
> --ca-cert=startssl-class2-server.pem
> usage: rhn-ssl-tool [options]
>
> rhn-ssl-tool: error: no such option: --ca-cert
>
> Am I doing something wrong or is there an inconsistency between code and documentation?
I can see the --ca-cert option only mentioned for --gen-ca, not for --gen-server.
--
Jan Pazdziora
Principal Software Engineer, Satellite Engineering, Red Hat
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
More information about the Spacewalk-list
mailing list