With the addition of consumer certificates to pulp-client, you need to make sure your environment is set up correctly to be able to connect and verify SSL with apache.
We now don't specify/include server-side SSL certificates in pulp. Instead, we rely on apache's default ssl.conf configuration to provide those. By default, apache will look to: /etc/pki/tls/certs/localhost.crt That is generated when apache is installed and has the CN of your machine name. In order for the SSL verification to pass, your client requests to the server must be made to the same hostname as the CN. The error message you see has been updated in HEAD (but not the latest build 0.54) to be pretty clear on what the hostname server is expecting requests, so if you want to check you can run: sudo openssl x509 -text -in /etc/pki/tls/certs/localhost.crt Look for the Subject line. Mine is: Subject: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=guardian/emailaddress=r...@guardian Notice the CN is set to "guardian", which is the name of my machine. So when my pulp-client connects, it has to either: * pass --server=guardian * configure /etc/rhui/client.conf to set the host to guardian Also keep in mind that your /etc/hosts file may need to be edited in order to resolve just the machine name (in most cases Fedora will do this for you, but I've seen peoples' machines who didn't have this). Make sure there's a mapping from 127.0.0.1 to the hostname you are going to use: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 guardian Ping me in the chat room if you run into issues. -- Jason Dobies RHCE# 805008743336126 Freenode: jdob _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
