Solved it, for the benefit of others looking for more information osa-dispatcher uses
/var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT for the CA and jabber uses /etc/pki/spacewalk/jabberd/server.pem which is installed by the rpm. (/etc/jabberd/server.pem isn't used) openssl x509 -text server.pem and checking Authority Key Identifier is useful tool! :) On Fri, Jul 16, 2010 at 11:59 AM, A Robinson <[email protected]> wrote: > I also followed similar howtos and have the same problem. -- I > couldn't find any solution posted to the list. > > Thanks > > On Tue, Apr 27, 2010 at 4:17 PM, Sascha Bendix > <[email protected]> wrote: >> Hi, >> >> I changed the certificates of a spacewalk instance. I found several >> howto like >> http://unfuckablelinux.com/2008/07/02/spacewalk-and-avoiding-self-signed-certificates/ >> or http://www.marcus-moeller.de/spacewalk/spacewalk-ssl-zertifikat.html . >> >> After a restart of spacewalk the osa-dispatcher quits with the message: >> >> Starting osa-dispatcher: RHN 2360 2010/04/27 16:52:34 +02:00: >> ('Traceback caught:',) >> RHN 2360 2010/04/27 16:52:34 +02:00: ('Traceback (most recent call >> last):\n File "/usr/share/rhn/osad/jabber_lib.py", line 620, in >> connect\n ssl.do_handshake()\nError: [(\'SSL routines\', >> \'SSL3_GET_SERVER_CERTIFICATE\', \'certificate verify failed\')]\n',) >> [FAILED] >> >> I tried to debug the problem but didn't got very far. I assume that >> python didn't trust the CA certificate. >> >> I found several similar posts but the certificate belongs to the fqdn, I >> could verify the certificate agaist the ca and the jabberd virtual host >> works on the fqdn, too. >> >> Can you give me a hint, why python can't verify the certificate or how I >> can add my ca certificate to the trusted certs? >> >> Regards, >> >> Sascha Bendix >> >> _______________________________________________ >> Spacewalk-list mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/spacewalk-list >> > _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
