[Spacewalk-list] Re-generating Spacewalk certs?

Fouts, Christopher Christopher.Fouts at Teradata.com
Thu Jun 1 18:29:29 UTC 2017 

I regenerated my certs using a different common name (td-spacewalk.company.com) other than the hostname b/c AWS uses ip-10-xx-xx-xx.ec2.internal as hostnames. Now I get this when I start osa-dispatcher on my Spacewalk server

2017/06/01 18:08:45 -00:00 12027 0.0.0.0: osad/jabber_lib.print_message('Could not connect to jabber server', 'ip-xx.xx.xx.ec2.internal')

I updated the /etc/jabberd/sm.xml,c2s.xml files

I restarted jabberd

I reran spacewalk-setup-jabberd

/etc/pki/spacewalk/server.pem contains the correct cert.


Chris


From: <spacewalk-list-bounces at redhat.com> on behalf of "Fouts, Christopher" <Christopher.Fouts at Teradata.com>
Reply-To: "spacewalk-list at redhat.com" <spacewalk-list at redhat.com>
Date: Wednesday, May 31, 2017 at 4:14 PM
To: "spacewalk-list at redhat.com" <spacewalk-list at redhat.com>
Subject: Re: [Spacewalk-list] Re-generating Spacewalk certs?

Thanks! I’ll be testing all these ideas.

Chris

From: <spacewalk-list-bounces at redhat.com> on behalf of Dimitri Yioulos <dyioulos at netatlantic.com>
Reply-To: "spacewalk-list at redhat.com" <spacewalk-list at redhat.com>
Date: Wednesday, May 31, 2017 at 4:12 PM
To: "spacewalk-list at redhat.com" <spacewalk-list at redhat.com>
Subject: Re: [Spacewalk-list] Re-generating Spacewalk certs?

Also remember that “serverURL=” in the up2date file must match the CN.


From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of William H. ten Bensel
Sent: Wednesday, May 31, 2017 4:03 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] Re-generating Spacewalk certs?

I believe this can be done:

Linux 6: update /etc/hosts, /etc/sysconfig/network and hostname with what you want it to be.
Linux 7: update /etc/hosts and /etc/hostname

Then regenerate the SSL.


- Thanks and good luck



From:        "Fouts, Christopher" <Christopher.Fouts at Teradata.com<mailto:Christopher.Fouts at Teradata.com>>
To:        "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
Date:        05/31/2017 02:55 PM
Subject:        Re: [Spacewalk-list] Re-generating Spacewalk certs?
Sent by:        spacewalk-list-bounces at redhat.com<mailto:spacewalk-list-bounces at redhat.com>
________________________________



This email originated from outside of the company. Please use discretion if opening attachments or clicking on links.
________________________________

Thanks. I believe that spacewalk-setup just calls the rhn-ssl.

For AWS instances, hostname is usually ip-10-xx-xx-xx.ec2.instance for example. I do however, put a load balancer in front of my AWS instance, and create a Route 53 CNAME, for exmpale, td-spacewalk.company.com. I want the Certs to have the td-spacewalk.company.com as CN, instead of ip-10-xx-xx-xx.ec2.instance.

Chris

From: <spacewalk-list-bounces at redhat.com<mailto:spacewalk-list-bounces at redhat.com>> on behalf of Dimitri Yioulos <dyioulos at netatlantic.com<mailto:dyioulos at netatlantic.com>>
Reply-To: "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
Date: Wednesday, May 31, 2017 at 3:30 PM
To: "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
Subject: Re: [Spacewalk-list] Re-generating Spacewalk certs?

Chris,

1.      I think you can use rhn-ssl to generate the new cert.  See  https://access.redhat.com/solutions/10809.
2.      CN should be the fqdn of your spacewalk server.

HTH

Dimitri

From: spacewalk-list-bounces at redhat.com<mailto:spacewalk-list-bounces at redhat.com> [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Fouts, Christopher
Sent: Wednesday, May 31, 2017 2:41 PM
To: spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>
Subject: [Spacewalk-list] Re-generating Spacewalk certs?

I have two questions regaring SW certs?
1.                  How can I regenerate certs, just by running spacewalk-setup, and simply don’t touch the DB?
2.                  If using an answer file, how do I set the common name (CN)?

Thanks,
ChrisThis email originated from outside of the company.  Please use discretion if opening attachments or clicking on links.

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list



**



This email and any attachments may contain information that is confidential and/or privileged for the sole use of the intended recipient. Any use, review, disclosure, copying, distribution or reliance by others, and any forwarding of this email or its contents, without the express permission of the sender is strictly prohibited by law. If you are not the intended recipient, please contact the sender immediately, delete the e-mail and destroy all copies.

**
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20170601/be748044/attachment.htm>

More information about the Spacewalk-list mailing list