[Spacewalk-list] More Spacewalk 26 Certificate Problems....can't get 3rd party cert to work with osa-dispatcher and jabber

Wilkinson, Matthew MatthewWilkinson at alliantenergy.com
Thu Jun 8 20:45:47 UTC 2017 

Oh glad to hear it. Yes, I generated my CSR for SW on the server so it just worked as documented for the  most part. 

--Matthew Wilkinson

-----Original Message-----
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Eric
Sent: Thursday, June 08, 2017 14:27
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] More Spacewalk 26 Certificate Problems....can't get 3rd party cert to work with osa-dispatcher and jabber

[This is an external email. Be cautious with links, attachments and responses.]

**********************************************************************
SUCCESS!

Ok, so the main issue is that all of the available docs "assume" that the CSR is generated on the Spacewalk server, which is not always the case.  Since we use a tool for our company, and you do the CSR on the tool itself....you have to download that in addition to the cert.  You also have to use the private key.

So the additional steps in my case were:

retrieve the CSR and copy it to /root/ssl-build/<hostname>/server.csr

retrieve the .key file, use openssl rsa to strip the password out, and copy it to /root/ssl-build/<hostname>/server.key


In addition, these steps in the Redhat doc break osa-dispatcher:

# cp /etc/httpd/conf/ssl.key/server.key /etc/jabberd/server.pem
# cat /etc/httpd/conf/ssl.crt/server.crt >> /etc/jabberd/server.pem
# cp /etc/jabberd/server.pem /etc/pki/spacewalk/jabberd/server.pem

Do NOT do those steps.

With the exception of the additional steps I did regarding the key and csr, I 
followed the current Spacewalk 2.6 Oracle document linked to previously.


Thanks everybody for the help!  



On Thursday 08 June 2017 09:12:23 David Hrbáč wrote:
> Avi,
> 
> I realised meanwhile. Thanks fro sharing. It helped with our CA.
> 
> Thanks,
> DH
> 
> 2017-06-07 21:36 GMT+02:00 Avi Miller <https://urldefense.proofpoint.com/v2/url?u=http-3A__avi.miller-40oracle.com&d=DwIGaQ&c=GUDVeAVg1gjs_GJkmwL1m3gEzDND7NeJG5BIAX_2yRE&r=zxSMv3Yyn0u8GiLjBm805qsHQ-PQnlWklaJFaNwJsRdou0Rx32Ld6bt57-Tq1kdA&m=XiHUGAX-77yDfGLzeS2obq175y6YjXuOhVGgPJiDSTw&s=40qPDqZ4jl4w6GPdweUVFVv5ii6dI-e5OdpdsivCogE&e= >:
> > Hi,
> > 
> > On 8 Jun 2017, at 5:30 am, David Hrbáč <david-lists at hrbac.cz> wrote:
> > 
> > Interesting reading is also here https://urldefense.proofpoint.com/v2/url?u=https-3A__omg.dje.li_2017_&d=DwIGaQ&c=GUDVeAVg1gjs_GJkmwL1m3gEzDND7NeJG5BIAX_2yRE&r=zxSMv3Yyn0u8GiLjBm805qsHQ-PQnlWklaJFaNwJsRdou0Rx32Ld6bt57-Tq1kdA&m=XiHUGAX-77yDfGLzeS2obq175y6YjXuOhVGgPJiDSTw&s=PcgsFHLsCO8rB3DqZkzNkh-VjppHZDM6gVWHJ08B0jE&e= 
> > 04/using-lets-encrypt-ssl-certificates-with-spacewalk/
> > 
> > 
> > Glad you like it, that’s my personal blog. :)
> > 
> > Cheers,
> > Avi
> > 
> > --
> > Oracle <http://www.oracle.com>
> > Avi Miller | Product Management Director | +61 (3) 8616 3496
> > <+61%203%208616%203496>
> > Oracle Linux and Virtualization
> > 417 St Kilda Road, Melbourne, Victoria 3004 Australia
> > 
> > 
> > _______________________________________________
> > Spacewalk-list mailing list
> > Spacewalk-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/spacewalk-list


_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list