[prev in list] [next in list] [prev in thread] [next in thread]
List: spacewalk-list
Subject: Re: [Spacewalk-list] rhnpush and self signed certificate
From: Michael Mraka <michael.mraka () redhat ! com>
Date: 2013-08-19 11:16:20
Message-ID: 20130819111620.GB14119 () magni ! brq ! redhat ! com
[Download RAW message or body]
Paul Robert Marino wrote:
% Well there are a few reasons why this could happen.
% The short answer is no.
% The most common problem that causes this is a severe time and or date offset
% between the server an the host. The way to fix that is ntp.
%
% The second is a hostname resolution mismatch. The easiest way to work around
% this is if you don't have full forward and reverse controls of the lookup you
% can set the host name as the up address and that will fool the openssl
% libraries into acting the way you want. And there is a series of well
% documented commands you need to run to rename the host in spacewalk and make
% new self signed certs to make that work
%
% The third scenario is you didn't answer the questions properly during the
% install and it defaulted to the hostname but not the FQDN in other words the
% hostname without the domain. Essentially in that case you need to recreate the
% self signed certs with the FQDN
Also make sure you have correct path to certificate
in /etc/sysconfig/rhn/rhnpushrc:
#The CA cert used to verify the ssl server
ca_chain = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━ \
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
% Hi,
%
% I've installed and configured Spacewalk on Fedora 19. The WebUI is
% running correctly.
% When I try to use rhnpush to put a new package I get the following
% error:
%
% [root@localhost ~]# rhnpush --verbose --nosig
% --channel=debian_amd64_wheezy vim_7.4.000-1_amd64.deb
% Connecting to https://localhost/APP
% Username: admin
% Password:
%
% ERROR: unhandled exception occurred: ([('SSL routines',
% 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]).
%
% This problem seems related to the self signed certificate Apache is
% using. Is there any way to tell rhnpush to do not verify the
% certificate?
%
% Thanks in advance.
Regards,
--
Michael Mráka
Satellite Engineering, Red Hat
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic