[Spacewalk-list] How to use a signed certificate?

Robert Paschedag robert.paschedag at web.de
Tue Sep 8 20:38:39 UTC 2015 

Zypper uses the /etc/ssl  path. Do you have a copy of the CA there and did a c_rehash?

Regards
Robert
Am 08.09.2015 22:06 schrieb Daryl Rose <darylrose at outlook.com>:
>
> Avi, 
>
> I am having a certificate related issue, that I'm hoping you can help me with. 
>
> I decided to move my SW environment into production, so I stood up a brand new SW server and redid the signed certificate according to your documentation.  Everything works fine with the RHEL servers that I've attached, but I'm having certificate issues with SLES. 
>
> When trying to get a package from the SW server I get the following error: 
>
> Retrieving repository 'SLES 11 SP3 Channel' metadata [|] 
> Download (curl) error for 'https://<SPWALK-SERVER>/XMLRPC/GET-REQ/sles11sp3_channel/repodata/repomd.xml?head_requests=no': 
> Error code: Unrecognized error 
> Error message: SSL certificate problem, verify that the CA cert is OK. Details: 
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 
>
> To the best of my knowledge the certificate is just fine.  I've registered three or four SLES severs and they all get the same error when accessing the repository. 
>
> Any suggestions on what I might have done wrong when creating the certificate? 
>
> Thanks 
>
> Daryl 
> ________________________________________ 
> From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> on behalf of Daryl Rose <darylrose at outlook.com> 
> Sent: Monday, August 31, 2015 10:58 AM 
> To: spacewalk-list at redhat.com 
> Subject: Re: [Spacewalk-list] How to use a signed certificate? 
>
> Avi, 
>
> The only real sticking point that I had was the root_ca.pem chain.  I had no idea what that was and how to obtain it.  I had to work with my Apache team and figure out exactly what it was, and how to get it.  They had the appropriate certificates and then they showed me the correct order in which to put them so I could create the root_ca.pem file.  Once I worked through that, I was able to get everything worked out. 
>
> Thank you again for the help. 
>
> Daryl 
>
> ________________________________________ 
> From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> on behalf of Avi Miller <avi.miller at oracle.com> 
> Sent: Friday, August 28, 2015 4:18 PM 
> To: spacewalk-list at redhat.com 
> Subject: Re: [Spacewalk-list] How to use a signed certificate? 
>
> Hey, 
>
> > On 29 Aug 2015, at 3:43 am, Daryl Rose <darylrose at outlook.com> wrote: 
> > 
> > I just wanted to report that I was able successfully use your docs and use our *.domain cert in my SW environment.  There were a few times that I thought  that I would have to ask for assistance, but I was able to work through those and get this working. 
>
> Fantastic. If you have any notes on documentation improvements, please feel free to send those through to me directly so we can review and improve our documentation. 
>
> Thanks, 
> Avi 
>
> -- 
> Oracle <http://www.oracle.com> 
> Avi Miller | Product Management Director | +61 (3) 8616 3496 
> Oracle Linux and Virtualization 
> 417 St Kilda Road, Melbourne, Victoria 3004 Australia 
>
>
> _______________________________________________ 
> Spacewalk-list mailing list 
> Spacewalk-list at redhat.com 
> https://www.redhat.com/mailman/listinfo/spacewalk-list 
>
> _______________________________________________ 
> Spacewalk-list mailing list 
> Spacewalk-list at redhat.com 
> https://www.redhat.com/mailman/listinfo/spacewalk-list 
>
> _______________________________________________ 
> Spacewalk-list mailing list 
> Spacewalk-list at redhat.com 
> https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list