subject:"\[Spacewalk\-list\] Registration to the new server via rhnreg

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

2019-03-02 Thread Robert Paschedag

Am 2. März 2019 00:55:20 MEZ schrieb "Zhou, Rui A. (NSB - CN/Shanghai)" 
:
>My problem was resloved, I reset my login password and it work  now!

I dought that a login reset fixes an SSL verification error but if you're happy 
now, all is good. ;-)

Robert
>
>-Original Message-
>From: Zhou, Rui A. (NSB - CN/Shanghai) 
>Sent: 2019年3月1日 19:02
>To: spacewalk-list@redhat.com; robert.pasche...@web.de
>Cc: Zhu, Ting (NSB - CN/Shanghai) 
>Subject: RE: [Spacewalk-list] Registration to the new server via
>rhnreg_ks returns an SSL error
>
>Very sad to say, they are the same, I think if the file in hosts has
>some impacts? I find I have not write the configuration before. I will
>try and tell the result later.
>[root@spacewalk-server pxelinux.cfg]# cat /etc/hosts
>127.0.0.1   localhost localhost.localdomain localhost4
>localhost4.localdomain4
>::1 localhost localhost.localdomain localhost6
>localhost6.localdomain6
>135.251.206.139 spacewalk-server
>
>Client:
>[root@FNSHA172 yum.repos.d]# cat
>/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>Certificate:
>Data:
>Version: 3 (0x2)
>Serial Number:
>91:88:95:56:dd:6c:6d:0d
>
>Server:
>[root@spacewalk-server ~]# cat
>/var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
>Certificate:
>Data:
>Version: 3 (0x2)
>Serial Number:
>91:88:95:56:dd:6c:6d:0d
>
>-Original Message-
>From: spacewalk-list-boun...@redhat.com
>[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of
>p.cook...@bham.ac.uk
>Sent: 2019年3月1日 17:09
>To: robert.pasche...@web.de; spacewalk-list@redhat.com
>Subject: Re: [Spacewalk-list] Registration to the new server via
>rhnreg_ks returns an SSL error
>
>Whether you re-installed the Spacewalk application on the same server
>or a different one, a new certificate should have been produced after
>running "spacewalk-setup."
>
>Subsequently, the certificate can be viewed on the server:
>
>cat /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
>
>OR
>
>WebUI -> Systems (Top Menu) -> Kickstart (Left Menu) -> GPG and SSL
>Keys -> RHN-ORG-TRUSTED-SSL-CERT -> Key contents
>
>If everything has been done correctly, to register the client, the
>certificate can be viewed on there too:
>
>cat /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>
>If they don't match, you'll have a problem!
>
>Like Robert says, it seems to be "just" a SSL issue really but,
>obviously, the certificate is being generated by the Spacewalk
>application installation.
>
>Regards
>Phil
>
>-Original Message-
>From: robert.pasche...@web.de 
>Sent: 28 February 2019 16:47
>To: spacewalk-list@redhat.com; Philip Cookson (IT Services)
>; spacewalk-list@redhat.com
>Subject: Re: [Spacewalk-list] Registration to the new server via
>rhnreg_ks returns an SSL error
>
>Am 28. Februar 2019 11:10:57 MEZ schrieb "p.cook...@bham.ac.uk"
>:
>>Obviously, that will work but you won’t be using the secure layer or 
>>addressing the underlying problem!
>>
>>If you’re getting the same problem with a new client system I can see 
>>how you may think it’s a server related issue. However, the Spacewalk 
>>certificate is generated during installation so it would be un-usual,
>I 
>>would have thought?
>>
>>Did you add the certificate to the database (certutil -d 
>>sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai 
>>/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT), too, as you only mention 
>>getting the rpm (rpm -Uvh 
>>http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm)?
>>
>>Regards
>>Phil
>>
>>From: spacewalk-list-boun...@redhat.com 
>> On Behalf Of 
>>rui.a.z...@nokia-sbell.com
>>Sent: 28 February 2019 09:51
>>To: spacewalk-list@redhat.com
>>Cc: Zhu, Ting (NSB - CN/Shanghai) 
>>Subject: Re: [Spacewalk-list] Registration to the new server via 
>>rhnreg_ks returns an SSL error
>>
>>
>>I think this may not the problem of the client, when I try to add new 
>>client server it also has the error: The SSL certificate failed 
>>verification.
>>I find this help, change the
>>--serverUrl=https://spacewalk-server/XMLRPC to 
>>--serverUrl=http://spacewalk-server/XMLRPC.  The system can be 
>>registerd,  The reason maybe:
>>
>>*   System did not have the correct SSL certificate.(I check, server
>>and client have the same sslCACert)
>>  *   SSL certificate was corrupted.(how to explain this?)
>
>This is just a standard SSL issue. Nothing special with spacewalk.
>
>If you're connecting to https://spacewalk-server/, "s

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

2019-03-01 Thread Zhou, Rui A. (NSB - CN/Shanghai)

My problem was resloved, I reset my login password and it work  now!

-Original Message-
From: Zhou, Rui A. (NSB - CN/Shanghai) 
Sent: 2019年3月1日 19:02
To: spacewalk-list@redhat.com; robert.pasche...@web.de
Cc: Zhu, Ting (NSB - CN/Shanghai) 
Subject: RE: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Very sad to say, they are the same, I think if the file in hosts has some 
impacts? I find I have not write the configuration before. I will try and tell 
the result later.
[root@spacewalk-server pxelinux.cfg]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
135.251.206.139 spacewalk-server

Client:
[root@FNSHA172 yum.repos.d]# cat /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
91:88:95:56:dd:6c:6d:0d

Server:
[root@spacewalk-server ~]# cat /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
91:88:95:56:dd:6c:6d:0d

-Original Message-
From: spacewalk-list-boun...@redhat.com 
[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of p.cook...@bham.ac.uk
Sent: 2019年3月1日 17:09
To: robert.pasche...@web.de; spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Whether you re-installed the Spacewalk application on the same server or a 
different one, a new certificate should have been produced after running 
"spacewalk-setup."

Subsequently, the certificate can be viewed on the server:

cat /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT

OR

WebUI -> Systems (Top Menu) -> Kickstart (Left Menu) -> GPG and SSL Keys -> 
RHN-ORG-TRUSTED-SSL-CERT -> Key contents

If everything has been done correctly, to register the client, the certificate 
can be viewed on there too:

cat /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

If they don't match, you'll have a problem!

Like Robert says, it seems to be "just" a SSL issue really but, obviously, the 
certificate is being generated by the Spacewalk application installation.

Regards
Phil

-Original Message-
From: robert.pasche...@web.de 
Sent: 28 February 2019 16:47
To: spacewalk-list@redhat.com; Philip Cookson (IT Services) 
; spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Am 28. Februar 2019 11:10:57 MEZ schrieb "p.cook...@bham.ac.uk" 
:
>Obviously, that will work but you won’t be using the secure layer or 
>addressing the underlying problem!
>
>If you’re getting the same problem with a new client system I can see 
>how you may think it’s a server related issue. However, the Spacewalk 
>certificate is generated during installation so it would be un-usual, I 
>would have thought?
>
>Did you add the certificate to the database (certutil -d 
>sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai 
>/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT), too, as you only mention 
>getting the rpm (rpm -Uvh 
>http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm)?
>
>Regards
>Phil
>
>From: spacewalk-list-boun...@redhat.com 
> On Behalf Of 
>rui.a.z...@nokia-sbell.com
>Sent: 28 February 2019 09:51
>To: spacewalk-list@redhat.com
>Cc: Zhu, Ting (NSB - CN/Shanghai) 
>Subject: Re: [Spacewalk-list] Registration to the new server via 
>rhnreg_ks returns an SSL error
>
>
>I think this may not the problem of the client, when I try to add new 
>client server it also has the error: The SSL certificate failed 
>verification.
>I find this help, change the
>--serverUrl=https://spacewalk-server/XMLRPC to 
>--serverUrl=http://spacewalk-server/XMLRPC.  The system can be 
>registerd,  The reason maybe:
>
>*   System did not have the correct SSL certificate.(I check, server
>and client have the same sslCACert)
>  *   SSL certificate was corrupted.(how to explain this?)

This is just a standard SSL issue. Nothing special with spacewalk.

If you're connecting to https://spacewalk-server/, "spacewalk-server" has to be 
included within the SSL certificate. And if that is missing, the certificate 
may be valid but you still get the verification error .

Robert

>
>
>From:
>spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-bounces@redhat.
>com> [mailto:spacewalk-list-boun...@redhat.com] On Behalf Of
>p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk>
>Sent: 2019年2月28日 17:35
>To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
>Subject: Re: [Spacewalk-list] Registration to the new server via 
>rhnreg_ks returns an SSL error
>
>Hi
>
>It’s a little more involved than that! I produced these notes, fo

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

2019-03-01 Thread p.cook...@bham.ac.uk

You're only showing the top of the files there. Is the rest of the information 
the same too, particularly the server name and actual key? All the responses 
from "spacewalk-setup" should be in there really.

Regards
Phil

-Original Message-
From: spacewalk-list-boun...@redhat.com  On 
Behalf Of rui.a.z...@nokia-sbell.com
Sent: 01 March 2019 11:02
To: spacewalk-list@redhat.com; robert.pasche...@web.de
Cc: Zhu, Ting (NSB - CN/Shanghai) 
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Very sad to say, they are the same, I think if the file in hosts has some 
impacts? I find I have not write the configuration before. I will try and tell 
the result later.
[root@spacewalk-server pxelinux.cfg]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
135.251.206.139 spacewalk-server

Client:
[root@FNSHA172 yum.repos.d]# cat /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
91:88:95:56:dd:6c:6d:0d

Server:
[root@spacewalk-server ~]# cat /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
91:88:95:56:dd:6c:6d:0d

-Original Message-
From: spacewalk-list-boun...@redhat.com 
[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of p.cook...@bham.ac.uk
Sent: 2019年3月1日 17:09
To: robert.pasche...@web.de; spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Whether you re-installed the Spacewalk application on the same server or a 
different one, a new certificate should have been produced after running 
"spacewalk-setup."

Subsequently, the certificate can be viewed on the server:

cat /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT

OR

WebUI -> Systems (Top Menu) -> Kickstart (Left Menu) -> GPG and SSL Keys -> 
RHN-ORG-TRUSTED-SSL-CERT -> Key contents

If everything has been done correctly, to register the client, the certificate 
can be viewed on there too:

cat /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

If they don't match, you'll have a problem!

Like Robert says, it seems to be "just" a SSL issue really but, obviously, the 
certificate is being generated by the Spacewalk application installation.

Regards
Phil

-Original Message-
From: robert.pasche...@web.de 
Sent: 28 February 2019 16:47
To: spacewalk-list@redhat.com; Philip Cookson (IT Services) 
; spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Am 28. Februar 2019 11:10:57 MEZ schrieb "p.cook...@bham.ac.uk" 
:
>Obviously, that will work but you won’t be using the secure layer or 
>addressing the underlying problem!
>
>If you’re getting the same problem with a new client system I can see 
>how you may think it’s a server related issue. However, the Spacewalk 
>certificate is generated during installation so it would be un-usual, I 
>would have thought?
>
>Did you add the certificate to the database (certutil -d 
>sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai 
>/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT), too, as you only mention 
>getting the rpm (rpm -Uvh 
>http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm)?
>
>Regards
>Phil
>
>From: spacewalk-list-boun...@redhat.com 
> On Behalf Of 
>rui.a.z...@nokia-sbell.com
>Sent: 28 February 2019 09:51
>To: spacewalk-list@redhat.com
>Cc: Zhu, Ting (NSB - CN/Shanghai) 
>Subject: Re: [Spacewalk-list] Registration to the new server via 
>rhnreg_ks returns an SSL error
>
>
>I think this may not the problem of the client, when I try to add new 
>client server it also has the error: The SSL certificate failed 
>verification.
>I find this help, change the
>--serverUrl=https://spacewalk-server/XMLRPC to 
>--serverUrl=http://spacewalk-server/XMLRPC.  The system can be 
>registerd,  The reason maybe:
>
>*   System did not have the correct SSL certificate.(I check, server
>and client have the same sslCACert)
>  *   SSL certificate was corrupted.(how to explain this?)

This is just a standard SSL issue. Nothing special with spacewalk.

If you're connecting to https://spacewalk-server/, "spacewalk-server" has to be 
included within the SSL certificate. And if that is missing, the certificate 
may be valid but you still get the verification error .

Robert

>
>
>From:
>spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-bounces@redhat.
>com> [mailto:spacewalk-list-boun...@redhat.com] On Behalf Of
>p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk>
>Sent: 2019年2月28日 17:35
>To: spacewalk-list@redhat.com<mailto:spacewalk-lis

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

2019-03-01 Thread Zhou, Rui A. (NSB - CN/Shanghai)

Very sad to say, they are the same, I think if the file in hosts has some 
impacts? I find I have not write the configuration before. I will try and tell 
the result later.
[root@spacewalk-server pxelinux.cfg]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
135.251.206.139 spacewalk-server

Client:
[root@FNSHA172 yum.repos.d]# cat /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
91:88:95:56:dd:6c:6d:0d

Server:
[root@spacewalk-server ~]# cat /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
91:88:95:56:dd:6c:6d:0d

-Original Message-
From: spacewalk-list-boun...@redhat.com 
[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of p.cook...@bham.ac.uk
Sent: 2019年3月1日 17:09
To: robert.pasche...@web.de; spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Whether you re-installed the Spacewalk application on the same server or a 
different one, a new certificate should have been produced after running 
"spacewalk-setup."

Subsequently, the certificate can be viewed on the server:

cat /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT

OR

WebUI -> Systems (Top Menu) -> Kickstart (Left Menu) -> GPG and SSL Keys -> 
RHN-ORG-TRUSTED-SSL-CERT -> Key contents

If everything has been done correctly, to register the client, the certificate 
can be viewed on there too:

cat /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

If they don't match, you'll have a problem!

Like Robert says, it seems to be "just" a SSL issue really but, obviously, the 
certificate is being generated by the Spacewalk application installation.

Regards
Phil

-Original Message-
From: robert.pasche...@web.de 
Sent: 28 February 2019 16:47
To: spacewalk-list@redhat.com; Philip Cookson (IT Services) 
; spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Am 28. Februar 2019 11:10:57 MEZ schrieb "p.cook...@bham.ac.uk" 
:
>Obviously, that will work but you won’t be using the secure layer or 
>addressing the underlying problem!
>
>If you’re getting the same problem with a new client system I can see 
>how you may think it’s a server related issue. However, the Spacewalk 
>certificate is generated during installation so it would be un-usual, I 
>would have thought?
>
>Did you add the certificate to the database (certutil -d 
>sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai 
>/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT), too, as you only mention 
>getting the rpm (rpm -Uvh 
>http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm)?
>
>Regards
>Phil
>
>From: spacewalk-list-boun...@redhat.com 
> On Behalf Of 
>rui.a.z...@nokia-sbell.com
>Sent: 28 February 2019 09:51
>To: spacewalk-list@redhat.com
>Cc: Zhu, Ting (NSB - CN/Shanghai) 
>Subject: Re: [Spacewalk-list] Registration to the new server via 
>rhnreg_ks returns an SSL error
>
>
>I think this may not the problem of the client, when I try to add new 
>client server it also has the error: The SSL certificate failed 
>verification.
>I find this help, change the
>--serverUrl=https://spacewalk-server/XMLRPC to 
>--serverUrl=http://spacewalk-server/XMLRPC.  The system can be 
>registerd,  The reason maybe:
>
>*   System did not have the correct SSL certificate.(I check, server
>and client have the same sslCACert)
>  *   SSL certificate was corrupted.(how to explain this?)

This is just a standard SSL issue. Nothing special with spacewalk.

If you're connecting to https://spacewalk-server/, "spacewalk-server" has to be 
included within the SSL certificate. And if that is missing, the certificate 
may be valid but you still get the verification error .

Robert

>
>
>From:
>spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-bounces@redhat.
>com> [mailto:spacewalk-list-boun...@redhat.com] On Behalf Of
>p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk>
>Sent: 2019年2月28日 17:35
>To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
>Subject: Re: [Spacewalk-list] Registration to the new server via 
>rhnreg_ks returns an SSL error
>
>Hi
>
>It’s a little more involved than that! I produced these notes, for 
>myself, when un-registering a system from a Dev Spacewalk Server and 
>registering it with a Test Spacewalk Server. It’s effectively the same 
>thing that you need to do though.
>
>
>Spacewalk does not provide an option to un-register a client system 
>(similar to registering - “rhnreg_ks”) - the only option

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

2019-03-01 Thread p.cook...@bham.ac.uk

Whether you re-installed the Spacewalk application on the same server or a 
different one, a new certificate should have been produced after running 
"spacewalk-setup."

Subsequently, the certificate can be viewed on the server:

cat /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT

OR

WebUI -> Systems (Top Menu) -> Kickstart (Left Menu) -> GPG and SSL Keys -> 
RHN-ORG-TRUSTED-SSL-CERT -> Key contents

If everything has been done correctly, to register the client, the certificate 
can be viewed on there too:

cat /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

If they don't match, you'll have a problem!

Like Robert says, it seems to be "just" a SSL issue really but, obviously, the 
certificate is being generated by the Spacewalk application installation.

Regards
Phil

-Original Message-
From: robert.pasche...@web.de  
Sent: 28 February 2019 16:47
To: spacewalk-list@redhat.com; Philip Cookson (IT Services) 
; spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Am 28. Februar 2019 11:10:57 MEZ schrieb "p.cook...@bham.ac.uk" 
:
>Obviously, that will work but you won’t be using the secure layer or 
>addressing the underlying problem!
>
>If you’re getting the same problem with a new client system I can see 
>how you may think it’s a server related issue. However, the Spacewalk 
>certificate is generated during installation so it would be un-usual, I 
>would have thought?
>
>Did you add the certificate to the database (certutil -d 
>sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai 
>/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT), too, as you only mention 
>getting the rpm (rpm -Uvh 
>http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm)?
>
>Regards
>Phil
>
>From: spacewalk-list-boun...@redhat.com 
> On Behalf Of 
>rui.a.z...@nokia-sbell.com
>Sent: 28 February 2019 09:51
>To: spacewalk-list@redhat.com
>Cc: Zhu, Ting (NSB - CN/Shanghai) 
>Subject: Re: [Spacewalk-list] Registration to the new server via 
>rhnreg_ks returns an SSL error
>
>
>I think this may not the problem of the client, when I try to add new 
>client server it also has the error: The SSL certificate failed 
>verification.
>I find this help, change the
>--serverUrl=https://spacewalk-server/XMLRPC to 
>--serverUrl=http://spacewalk-server/XMLRPC.  The system can be 
>registerd,  The reason maybe:
>
>*   System did not have the correct SSL certificate.(I check, server
>and client have the same sslCACert)
>  *   SSL certificate was corrupted.(how to explain this?)

This is just a standard SSL issue. Nothing special with spacewalk.

If you're connecting to https://spacewalk-server/, "spacewalk-server" has to be 
included within the SSL certificate. And if that is missing, the certificate 
may be valid but you still get the verification error .

Robert

>
>
>From:
>spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-bounces@redhat.
>com> [mailto:spacewalk-list-boun...@redhat.com] On Behalf Of 
>p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk>
>Sent: 2019年2月28日 17:35
>To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
>Subject: Re: [Spacewalk-list] Registration to the new server via 
>rhnreg_ks returns an SSL error
>
>Hi
>
>It’s a little more involved than that! I produced these notes, for 
>myself, when un-registering a system from a Dev Spacewalk Server and 
>registering it with a Test Spacewalk Server. It’s effectively the same 
>thing that you need to do though.
>
>
>Spacewalk does not provide an option to un-register a client system 
>(similar to registering - “rhnreg_ks”) - the only option is to remove 
>the client system’s profile from the Spacewalk server.
>
>To remove a client’s profile from the Spacewalk server perform these
>steps:
>
>
>  1.  Log in to the Spacewalk Console.
>2.  Click on the Systems tab in the top navigation bar and then click 
>on the name of the system which you want to remove from the Systems 
>List.
>  3.  Click the Delete System link in the top-right corner of the page.
>4.  Confirm system profile deletion by clicking the Delete Profile 
>button.
>5.  Now go to the client system and execute below command to remove the 
>associated System ID file:
>
># rm /etc/sysconfig/rhn/systemid
>
>In addition, remove Spacewalk certificate for Development and add 
>certificate for Test. Then register client system with Test Spacewalk
>server:
>
># certutil -d sql:/etc/pki/nssdb -Dn RHN-ORG-TRUSTED-SSL-CERT -t C,, 
>-ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
># rpm -ev rhn-org-trusted-ssl-cert-1.0-1.noarch
># rpm -Uvh https://https://%3cTest>
>Server>/pub/rhn-org-trusted-ss

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

2019-02-28 Thread Robert Paschedag

Am 28. Februar 2019 11:10:57 MEZ schrieb "p.cook...@bham.ac.uk" 
:
>Obviously, that will work but you won’t be using the secure layer or
>addressing the underlying problem!
>
>If you’re getting the same problem with a new client system I can see
>how you may think it’s a server related issue. However, the Spacewalk
>certificate is generated during installation so it would be un-usual, I
>would have thought?
>
>Did you add the certificate to the database (certutil -d
>sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai
>/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT), too, as you only mention
>getting the rpm (rpm -Uvh
>http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm)?
>
>Regards
>Phil
>
>From: spacewalk-list-boun...@redhat.com
> On Behalf Of
>rui.a.z...@nokia-sbell.com
>Sent: 28 February 2019 09:51
>To: spacewalk-list@redhat.com
>Cc: Zhu, Ting (NSB - CN/Shanghai) 
>Subject: Re: [Spacewalk-list] Registration to the new server via
>rhnreg_ks returns an SSL error
>
>
>I think this may not the problem of the client, when I try to add new
>client server it also has the error: The SSL certificate failed
>verification.
>I find this help, change the
>--serverUrl=https://spacewalk-server/XMLRPC to
>--serverUrl=http://spacewalk-server/XMLRPC.  The system can be
>registerd,
> The reason maybe:
>
>*   System did not have the correct SSL certificate.(I check, server
>and client have the same sslCACert)
>  *   SSL certificate was corrupted.(how to explain this?)

This is just a standard SSL issue. Nothing special with spacewalk.

If you're connecting to https://spacewalk-server/, "spacewalk-server" has to be 
included within the SSL certificate. And if that is missing, the certificate 
may be valid but you still get the verification error
.

Robert

>
>
>From:
>spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>
>[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of
>p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk>
>Sent: 2019年2月28日 17:35
>To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
>Subject: Re: [Spacewalk-list] Registration to the new server via
>rhnreg_ks returns an SSL error
>
>Hi
>
>It’s a little more involved than that! I produced these notes, for
>myself, when un-registering a system from a Dev Spacewalk Server and
>registering it with a Test Spacewalk Server. It’s effectively the same
>thing that you need to do though.
>
>
>Spacewalk does not provide an option to un-register a client system
>(similar to registering - “rhnreg_ks”) - the only option is to remove
>the client system’s profile from the Spacewalk server.
>
>To remove a client’s profile from the Spacewalk server perform these
>steps:
>
>
>  1.  Log in to the Spacewalk Console.
>2.  Click on the Systems tab in the top navigation bar and then click
>on the name of the system which you want to remove from the Systems
>List.
>  3.  Click the Delete System link in the top-right corner of the page.
>4.  Confirm system profile deletion by clicking the Delete Profile
>button.
>5.  Now go to the client system and execute below command to remove the
>associated System ID file:
>
># rm /etc/sysconfig/rhn/systemid
>
>In addition, remove Spacewalk certificate for Development and add
>certificate for Test. Then register client system with Test Spacewalk
>server:
>
># certutil -d sql:/etc/pki/nssdb -Dn RHN-ORG-TRUSTED-SSL-CERT -t C,,
>-ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
># rpm -ev rhn-org-trusted-ssl-cert-1.0-1.noarch
># rpm -Uvh https://https://%3cTest>
>Server>/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
># certutil -d sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,,
>-ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
># rhnreg_ks --serverUrl=https:///XMLRPC
>--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>--activationkey=[ACTIVATION KEY]
>
>
>Note, if you’re using OSAD, the service may have stopped during this
>process and therefore, will need to be re-started. I’ve also found
>that, even if it’s still running, I’ve had to restart it before actions
>were automatically picked up again:
>
># systemctl start osad OR service osad start
>
>
>Hope this is of help?
>
>Regards
>Phil
>
>From:
>spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>
>mailto:spacewalk-list-boun...@redhat.com>>
>On Behalf Of
>rui.a.z...@nokia-sbell.com<mailto:rui.a.z...@nokia-sbell.com>
>Sent: 28 February 2019 08:57
>To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
>Cc: Zhu, Ting (NSB - CN/Shanghai)
>mailto:ting@nokia-sbell.com

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

2019-02-28 Thread p.cook...@bham.ac.uk

Obviously, that will work but you won’t be using the secure layer or addressing 
the underlying problem!

If you’re getting the same problem with a new client system I can see how you 
may think it’s a server related issue. However, the Spacewalk certificate is 
generated during installation so it would be un-usual, I would have thought?

Did you add the certificate to the database (certutil -d sql:/etc/pki/nssdb -An 
RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT), 
too, as you only mention getting the rpm (rpm -Uvh 
http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm)?

Regards
Phil

From: spacewalk-list-boun...@redhat.com  On 
Behalf Of rui.a.z...@nokia-sbell.com
Sent: 28 February 2019 09:51
To: spacewalk-list@redhat.com
Cc: Zhu, Ting (NSB - CN/Shanghai) 
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error


I think this may not the problem of the client, when I try to add new client 
server it also has the error: The SSL certificate failed verification.
I find this help, change the --serverUrl=https://spacewalk-server/XMLRPC to
--serverUrl=http://spacewalk-server/XMLRPC.  The system can be registerd,
 The reason maybe:

  *   System did not have the correct SSL certificate.(I check, server and 
client have the same sslCACert)
  *   SSL certificate was corrupted.(how to explain this?)


From: 
spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> 
[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of 
p.cook...@bham.ac.uk<mailto:p.cook...@bham.ac.uk>
Sent: 2019年2月28日 17:35
To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Hi

It’s a little more involved than that! I produced these notes, for myself, when 
un-registering a system from a Dev Spacewalk Server and registering it with a 
Test Spacewalk Server. It’s effectively the same thing that you need to do 
though.


Spacewalk does not provide an option to un-register a client system (similar to 
registering - “rhnreg_ks”) - the only option is to remove the client system’s 
profile from the Spacewalk server.

To remove a client’s profile from the Spacewalk server perform these steps:


  1.  Log in to the Spacewalk Console.
  2.  Click on the Systems tab in the top navigation bar and then click on the 
name of the system which you want to remove from the Systems List.
  3.  Click the Delete System link in the top-right corner of the page.
  4.  Confirm system profile deletion by clicking the Delete Profile button.
  5.  Now go to the client system and execute below command to remove the 
associated System ID file:

# rm /etc/sysconfig/rhn/systemid

In addition, remove Spacewalk certificate for Development and add certificate 
for Test. Then register client system with Test Spacewalk server:

# certutil -d sql:/etc/pki/nssdb -Dn RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai 
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rpm -ev rhn-org-trusted-ssl-cert-1.0-1.noarch
# rpm -Uvh https://https://%3cTest> 
Server>/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
# certutil -d sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai 
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rhnreg_ks --serverUrl=https:///XMLRPC 
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=[ACTIVATION 
KEY]


Note, if you’re using OSAD, the service may have stopped during this process 
and therefore, will need to be re-started. I’ve also found that, even if it’s 
still running, I’ve had to restart it before actions were automatically picked 
up again:

# systemctl start osad OR service osad start


Hope this is of help?

Regards
Phil

From: 
spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> 
mailto:spacewalk-list-boun...@redhat.com>> 
On Behalf Of rui.a.z...@nokia-sbell.com<mailto:rui.a.z...@nokia-sbell.com>
Sent: 28 February 2019 08:57
To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
Cc: Zhu, Ting (NSB - CN/Shanghai) 
mailto:ting....@nokia-sbell.com>>
Subject: [Spacewalk-list] Registration to the new server via rhnreg_ks returns 
an SSL error

I re-installed the spacewalk server, and the client can not register to the new 
installed server.

[root@FNSHB109 rhn]# rpm -e rhn-org-trusted-ssl-cert-1.0-1.noarch

[root@FNSHB109 rhn]# rpm -Uvh 
http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Retrieving http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Preparing...  # [100%]
Updating / installing...
   1:rhn-org-trusted-ssl-cert-1.0-1   # [100%]

[root@FNSHB109 rhn]# rhnreg_ks --serverUrl=https://spacewalk-server/XMLRPC 
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-cen

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

2019-02-28 Thread Zhou, Rui A. (NSB - CN/Shanghai)


I think this may not the problem of the client, when I try to add new client 
server it also has the error: The SSL certificate failed verification.
I find this help, change the --serverUrl=https://spacewalk-server/XMLRPC to
--serverUrl=http://spacewalk-server/XMLRPC.  The system can be registerd,
 The reason maybe:

  *   System did not have the correct SSL certificate.(I check, server and 
client have the same sslCACert)
  *   SSL certificate was corrupted.(how to explain this?)


From: spacewalk-list-boun...@redhat.com 
[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of p.cook...@bham.ac.uk
Sent: 2019年2月28日 17:35
To: spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Registration to the new server via rhnreg_ks 
returns an SSL error

Hi

It’s a little more involved than that! I produced these notes, for myself, when 
un-registering a system from a Dev Spacewalk Server and registering it with a 
Test Spacewalk Server. It’s effectively the same thing that you need to do 
though.


Spacewalk does not provide an option to un-register a client system (similar to 
registering - “rhnreg_ks”) �C the only option is to remove the client system’s 
profile from the Spacewalk server.

To remove a client’s profile from the Spacewalk server perform these steps:


  1.  Log in to the Spacewalk Console.
  2.  Click on the Systems tab in the top navigation bar and then click on the 
name of the system which you want to remove from the Systems List.
  3.  Click the Delete System link in the top-right corner of the page.
  4.  Confirm system profile deletion by clicking the Delete Profile button.
  5.  Now go to the client system and execute below command to remove the 
associated System ID file:

# rm /etc/sysconfig/rhn/systemid

In addition, remove Spacewalk certificate for Development and add certificate 
for Test. Then register client system with Test Spacewalk server:

# certutil -d sql:/etc/pki/nssdb -Dn RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai 
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rpm -ev rhn-org-trusted-ssl-cert-1.0-1.noarch
# rpm -Uvh https://https://%3cTest> 
Server>/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
# certutil -d sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai 
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rhnreg_ks --serverUrl=https:///XMLRPC 
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=[ACTIVATION 
KEY]


Note, if you’re using OSAD, the service may have stopped during this process 
and therefore, will need to be re-started. I’ve also found that, even if it’s 
still running, I’ve had to restart it before actions were automatically picked 
up again:

# systemctl start osad OR service osad start


Hope this is of help?

Regards
Phil

From: 
spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> 
mailto:spacewalk-list-boun...@redhat.com>> 
On Behalf Of rui.a.z...@nokia-sbell.com<mailto:rui.a.z...@nokia-sbell.com>
Sent: 28 February 2019 08:57
To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
Cc: Zhu, Ting (NSB - CN/Shanghai) 
mailto:ting....@nokia-sbell.com>>
Subject: [Spacewalk-list] Registration to the new server via rhnreg_ks returns 
an SSL error

I re-installed the spacewalk server, and the client can not register to the new 
installed server.

[root@FNSHB109 rhn]# rpm -e rhn-org-trusted-ssl-cert-1.0-1.noarch

[root@FNSHB109 rhn]# rpm -Uvh 
http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Retrieving http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Preparing...  # [100%]
Updating / installing...
   1:rhn-org-trusted-ssl-cert-1.0-1   # [100%]

[root@FNSHB109 rhn]# rhnreg_ks --serverUrl=https://spacewalk-server/XMLRPC 
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos7.6 
--force --verbose
D: rpcServer: Calling XMLRPC registration.welcome_message
An error has occurred:
The SSL certificate failed verification.
See /var/log/up2date for more information

[root@FNSHB109 rhn]# cat /etc/sysconfig/rhn/up2date |grep share
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

[Thu Feb 28 16:53:34 2019] up2date D: rpcServer: Calling XMLRPC 
registration.welcome_message
[Thu Feb 28 16:53:34 2019] up2date
Traceback (most recent call last):
  File "/usr/sbin/rhnreg_ks", line 215, in 
cli.run()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhncli.py", line 94, in 
run
sys.exit(self.main() or 0)
  File "/usr/sbin/rhnreg_ks", line 93, in main
rhnreg.getCaps()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnreg.py", line 264, 
in getCaps
s.capabilities.validate()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 
185, in __get_capabilities
self.registration.welcome_message()
  File "/usr/lib/py

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

2019-02-28 Thread p.cook...@bham.ac.uk

Hi

It's a little more involved than that! I produced these notes, for myself, when 
un-registering a system from a Dev Spacewalk Server and registering it with a 
Test Spacewalk Server. It's effectively the same thing that you need to do 
though.


Spacewalk does not provide an option to un-register a client system (similar to 
registering - "rhnreg_ks") - the only option is to remove the client system's 
profile from the Spacewalk server.

To remove a client's profile from the Spacewalk server perform these steps:


1.   Log in to the Spacewalk Console.

2.   Click on the Systems tab in the top navigation bar and then click on 
the name of the system which you want to remove from the Systems List.

3.   Click the Delete System link in the top-right corner of the page.

4.   Confirm system profile deletion by clicking the Delete Profile button.

5.   Now go to the client system and execute below command to remove the 
associated System ID file:

# rm /etc/sysconfig/rhn/systemid

In addition, remove Spacewalk certificate for Development and add certificate 
for Test. Then register client system with Test Spacewalk server:

# certutil -d sql:/etc/pki/nssdb -Dn RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai 
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rpm -ev rhn-org-trusted-ssl-cert-1.0-1.noarch
# rpm -Uvh https:///pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
# certutil -d sql:/etc/pki/nssdb -An RHN-ORG-TRUSTED-SSL-CERT -t C,, -ai 
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# rhnreg_ks --serverUrl=https:///XMLRPC 
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=[ACTIVATION 
KEY]


Note, if you're using OSAD, the service may have stopped during this process 
and therefore, will need to be re-started. I've also found that, even if it's 
still running, I've had to restart it before actions were automatically picked 
up again:

# systemctl start osad OR service osad start


Hope this is of help?

Regards
Phil

From: spacewalk-list-boun...@redhat.com  On 
Behalf Of rui.a.z...@nokia-sbell.com
Sent: 28 February 2019 08:57
To: spacewalk-list@redhat.com
Cc: Zhu, Ting (NSB - CN/Shanghai) 
Subject: [Spacewalk-list] Registration to the new server via rhnreg_ks returns 
an SSL error

I re-installed the spacewalk server, and the client can not register to the new 
installed server.

[root@FNSHB109 rhn]# rpm -e rhn-org-trusted-ssl-cert-1.0-1.noarch

[root@FNSHB109 rhn]# rpm -Uvh 
http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Retrieving http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Preparing...  # [100%]
Updating / installing...
   1:rhn-org-trusted-ssl-cert-1.0-1   # [100%]

[root@FNSHB109 rhn]# rhnreg_ks --serverUrl=https://spacewalk-server/XMLRPC 
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos7.6 
--force --verbose
D: rpcServer: Calling XMLRPC registration.welcome_message
An error has occurred:
The SSL certificate failed verification.
See /var/log/up2date for more information

[root@FNSHB109 rhn]# cat /etc/sysconfig/rhn/up2date |grep share
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

[Thu Feb 28 16:53:34 2019] up2date D: rpcServer: Calling XMLRPC 
registration.welcome_message
[Thu Feb 28 16:53:34 2019] up2date
Traceback (most recent call last):
  File "/usr/sbin/rhnreg_ks", line 215, in 
cli.run()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhncli.py", line 94, in 
run
sys.exit(self.main() or 0)
  File "/usr/sbin/rhnreg_ks", line 93, in main
rhnreg.getCaps()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnreg.py", line 264, 
in getCaps
s.capabilities.validate()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 
185, in __get_capabilities
self.registration.welcome_message()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 84, 
in __call__
raise_with_tb(up2dateErrors.SSLCertificateVerifyFailedError())
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 67, 
in __call__
return rpcServer.doCall(method, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 
214, in doCall
ret = method(*args, **kwargs)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
return self.__send(self.__name, args)
  File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 48, 
in _request1
ret = self._request(methodname, params)
  File "/usr/lib/python2.7/site-packages/rhn/rpclib.py", line 394, in _request
self._handler, request, verbose=self._verbose)
  File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 177, in 
request
headers, fd = req.send_http(host, hand

[Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

2019-02-28 Thread Zhou, Rui A. (NSB - CN/Shanghai)

I re-installed the spacewalk server, and the client can not register to the new 
installed server.

[root@FNSHB109 rhn]# rpm -e rhn-org-trusted-ssl-cert-1.0-1.noarch

[root@FNSHB109 rhn]# rpm -Uvh 
http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Retrieving http://spacewalk-server/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Preparing...  # [100%]
Updating / installing...
   1:rhn-org-trusted-ssl-cert-1.0-1   # [100%]

[root@FNSHB109 rhn]# rhnreg_ks --serverUrl=https://spacewalk-server/XMLRPC 
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-centos7.6 
--force --verbose
D: rpcServer: Calling XMLRPC registration.welcome_message
An error has occurred:
The SSL certificate failed verification.
See /var/log/up2date for more information

[root@FNSHB109 rhn]# cat /etc/sysconfig/rhn/up2date |grep share
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

[Thu Feb 28 16:53:34 2019] up2date D: rpcServer: Calling XMLRPC 
registration.welcome_message
[Thu Feb 28 16:53:34 2019] up2date
Traceback (most recent call last):
  File "/usr/sbin/rhnreg_ks", line 215, in 
cli.run()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhncli.py", line 94, in 
run
sys.exit(self.main() or 0)
  File "/usr/sbin/rhnreg_ks", line 93, in main
rhnreg.getCaps()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnreg.py", line 264, 
in getCaps
s.capabilities.validate()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 
185, in __get_capabilities
self.registration.welcome_message()
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 84, 
in __call__
raise_with_tb(up2dateErrors.SSLCertificateVerifyFailedError())
  File "/usr/lib/python2.7/site-packages/up2date_client/rhnserver.py", line 67, 
in __call__
return rpcServer.doCall(method, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 
214, in doCall
ret = method(*args, **kwargs)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
return self.__send(self.__name, args)
  File "/usr/lib/python2.7/site-packages/up2date_client/rpcServer.py", line 48, 
in _request1
ret = self._request(methodname, params)
  File "/usr/lib/python2.7/site-packages/rhn/rpclib.py", line 394, in _request
self._handler, request, verbose=self._verbose)
  File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 177, in 
request
headers, fd = req.send_http(host, handler)
  File "/usr/lib/python2.7/site-packages/rhn/transports.py", line 733, in 
send_http
self._connection.request(self.method, handler, body=bstr(self.data), 
headers=self.headers)
  File "/usr/lib64/python2.7/httplib.py", line 1017, in request
self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1051, in _send_request
self.endheaders(body)
  File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 840, in send
self.sock.sendall(data)
  File "/usr/lib/python2.7/site-packages/rhn/SSL.py", line 264, in write
sent = self._connection.send(data)
: The SSL 
certificate failed verification.
___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

Re: [Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

[Spacewalk-list] Registration to the new server via rhnreg_ks returns an SSL error

10 matches

Site Navigation

Mail list logo

Footer information