I have a valid SSL certificate created from a trusted CA (certs.ipsca.com -- .EDU's get free certs from there). I'm trying to install this SSL certificate into spacewalk .6. Basically, all I'm looking to do is to use the trusted SSL cert for the web interfaces of spacewalk so we don't get the error from IE or Firefox saying the certificate is not valid (the default self-signed one).
The only instructions I've found on how to do this is at this site: http://www.unf**kablelinux.com/2008/07/spacewalk-and-avoiding-self-signe d-certificates/ (replace the *'s to get the real URL -- I wanted the message to make it past spam filters!) I've followed those directions step by step and I can get our issued IPSCA certificate to show up in the web browser, but the browser still states it is not a trusted authority (IPSCA *IS* in the IE and Firefox trusted authorities). I'm still able to login to the web interface, but I did get errors when restarted spacewalk: Starting osa-dispatcher: RHN 26627 2009/09/09 09:45:38 -04:00: ('Traceback caught:',) RHN 26627 2009/09/09 09:45:38 -04:00: ('Traceback (most recent call last):\n File "/usr/share/rhn/osad/jabber_lib.py", line 617, in connect\n ssl.do_handshake()\nError: [(\'SSL routines\', \'SSL3_GET_SERVER_CERTIFICATE\', \'certificate verify failed\')]\n',) [FAILED] I get the following that shows up in my syslogs during startup of spacewalk: Sep 9 09:45:38 spacewalk-prod-01 jabberd/c2s[26522]: [7] [127.0.0.1, port=52800] error: SSL handshake error (error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca) Any idea what might be going on? I've already installed the trusted CA and intermediate certs per the directions on that site above. --greg Gregory A. Fuller - CCNA Network Manager State University of New York at Oswego Phone: (315) 312-5750 http://www.oswego.edu/~gfuller _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
