[Spacewalk-list] rhnpush and self signed certificate
Michael Mraka
michael.mraka at redhat.com
Mon Aug 19 11:16:20 UTC 2013
Paul Robert Marino wrote:
% Well there are a few reasons why this could happen.
% The short answer is no.
% The most common problem that causes this is a severe time and or date offset
% between the server an the host. The way to fix that is ntp.
%
% The second is a hostname resolution mismatch. The easiest way to work around
% this is if you don't have full forward and reverse controls of the lookup you
% can set the host name as the up address and that will fool the openssl
% libraries into acting the way you want. And there is a series of well
% documented commands you need to run to rename the host in spacewalk and make
% new self signed certs to make that work
%
% The third scenario is you didn't answer the questions properly during the
% install and it defaulted to the hostname but not the FQDN in other words the
% hostname without the domain. Essentially in that case you need to recreate the
% self signed certs with the FQDN
Also make sure you have correct path to certificate
in /etc/sysconfig/rhn/rhnpushrc:
#The CA cert used to verify the ssl server
ca_chain = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
% Hi,
%
% I've installed and configured Spacewalk on Fedora 19. The WebUI is
% running correctly.
% When I try to use rhnpush to put a new package I get the following
% error:
%
% [root at localhost ~]# rhnpush --verbose --nosig
% --channel=debian_amd64_wheezy vim_7.4.000-1_amd64.deb
% Connecting to https://localhost/APP
% Username: admin
% Password:
%
% ERROR: unhandled exception occurred: ([('SSL routines',
% 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]).
%
% This problem seems related to the self signed certificate Apache is
% using. Is there any way to tell rhnpush to do not verify the
% certificate?
%
% Thanks in advance.
Regards,
--
Michael Mráka
Satellite Engineering, Red Hat
More information about the Spacewalk-list
mailing list