[Spacewalk-list] Getting SSL to work on SLES 11

Sebastian Meyer meyer at b1-systems.de
Wed Aug 12 17:14:39 UTC 2015


Hi Daryl,

On 12.08.2015 18:30, Daryl Rose wrote:
>   *   ln -s /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT /usr/share/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem
>   *   update-ca-certificates

That step is for SLES12, not SLES11. For the latter you should use

> Anyway, I found a posting on this list from February of this year.  Bernd Helber had similar problems that I'm having and Michael Calmer provided this reply:
> 
> 
> Take care that the CA certificate is copied to /etc/ssl/certs/ with the suffix
> ".pem" and you run a "c_rehash /etc/ssl/certs/"
> 
> E.g.:
> $> cp /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT \
>       /etc/ssl/certs/RHN-ORG-TRUSTED-SSL-CERT.pem
> $> c_rehash /etc/ssl/certs/
> 

As for the next error, that might be a problem with the OpenSSL 0.9.8 on
the SLES Client:
http://sourceforge.net/p/curl/bugs/1037/?limit=10&page=3#c9b6

> This allowed me to get past the first error that I was receiving, but now I have a different error.  I am now getting this error:
> 
> 
> <snip>
> Download (curl) error for 'https://<FQ SW Server>/XMLRPC/GET-REQ/sles11sp3_channel/repodata/repomd.xml?head_requests=no':
> Error code: Unrecognized error
> Error message: error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)
> 
> </snip>
> 

Fully disabling SSLv3 on the Apache side might help. IIRC that's what
they do on SUSE Manager. If you don't have any SLES10 or EL4 clients
that should be okay. (Not sure about EL5)

There should be some file containing 'SSLProtocol all -SSLv2 ...' in the
apache/httpd config directory in /etc. If there's no '-SSLv3' in that
line, add it after the '-SSLv2' and restart/reload apache.

Best regards
Sebastian

-- 
Sebastian Meyer
Linux Consultant & Trainer

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
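
The Apache-side check described in the message above (look for an `SSLProtocol` line and confirm it carries `-SSLv3`) can be scripted. This is an added example, not part of the original mail; the function names and the token model (`all` includes SSLv3, tokens are applied left to right) are assumptions.

```shell
#!/bin/sh
# Added example: find SSLProtocol directives that leave SSLv3 enabled.
# Assumed token model: tokens apply left to right; "all" and "SSLv3"
# (bare or with "+") switch SSLv3 on, "-SSLv3" and "-all" switch it off.

# sslv3_state LINE -> prints enabled | disabled | skip
# "skip" means the line is a comment or not an SSLProtocol directive.
sslv3_state() {
    printf '%s\n' "$1" | awk '{
        if (tolower($1) != "sslprotocol") { print "skip"; exit }
        on = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            sub(/^\+/, "", t)
            if (t == "all" || t == "sslv3") on = 1
            else if (t == "-all" || t == "-sslv3") on = 0
        }
        print (on ? "enabled" : "disabled")
    }'
}

# audit_ssl_conf DIR -> prints file:line:directive for every directive
# that leaves SSLv3 on; exit status 1 if any was found, 0 otherwise.
audit_ssl_conf() {
    grep -rHniE '^[[:space:]]*SSLProtocol[[:space:]]' "$1" 2>/dev/null | (
        rc=0
        while IFS= read -r hit; do
            text=${hit#*:}      # drop "file:"
            text=${text#*:}     # drop "lineno:"
            if [ "$(sslv3_state "$text")" = "enabled" ]; then
                printf '%s\n' "$hit"
                rc=1
            fi
        done
        exit "$rc"
    )
}
# Usage: audit_ssl_conf /etc/apache2   (path is an assumption; use your config dir)
```

A non-zero exit status means at least one directive still needs `-SSLv3` added before Apache is restarted or reloaded.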
