[Spacewalk-list] Regenerating ssl certificate with Spacewalk 2.4 SHA1 to SHA2

[Tomas Lestach]

> The question is after upgrading from Spacewalk 2.3 to 2.4, can I
> generate a new SHA256 ssl cert/RPM with the spacewalk-certs-tool
> (rhn-ssl-tool --gen-server) for each of the web servers and proxies
> without having to change the certs on the clients?  From my digging
> it looks like I should be able to do that without creating a new
> RHN-ORG-TRUSTED-SSL-CERT.  So the answer seems to be yes.  Can
> anyone confirm?

The question is, why you'd want to re-generate new SSL certificate(s)
after the upgrade. Cannot you continue using the existing one(s)?

RHN-ORG-TRUSTED-SSL-CERT is actually the SSL certificate, so my answer
is yes, after you refresh the SSL certificate, you need to distribute it
to all your clients to use SSL communication.

> Also, this would be very useful info for the 2.3 to 2.4 upgrade
> document.

https://fedorahosted.org/spacewalk/wiki/HowToUpgrade

Regards,
--
Tomas Lestach
Red Hat Satellite Engineering, Red Hat