For the record, this was my own stupidity.
I had updated the certificates, but not imported them into the spacewalk
interface.
Sorry
Matt
________________________________
From: [email protected] [[email protected]] on
behalf of Matthew Darcy [[email protected]]
Sent: 24 May 2011 08:48
To: [email protected]
Subject: [Spacewalk-list] repos wrong SSL name ?
While playing around with spacewalk yesterday to try to resolve a DNS issue I
appear to have broken my SSL certificate for my repos.
I've just built a test centos 5 machine from my spacewalk 1.4 Oracle server,
great, not problems.
When I run a yum update on the client to test the functionality, I get a large
trace from Python that basically says the hostname is wrong in the SSL
certificate.
[M2Crypto.SSL.Checker.WrongHost: Peer certificate commonName does not match
host, expected spacewalk01.sccis.net, got spacewalk01
[/quote]
to resolve this I used
rhn-ssl-tool --gen-server --set-hostname="spacewalk01.sccis.net"
which should set the certificate to the correct FQDN I'm now using, it didn't
work.
A little more research and I believe the Peer certificate is actually the CA,
so to resolve this I did
rhn-ssl-tool --gen-ca --force --set-common-name="spacewalk01.sccis.net"
which replaced my existing CA with a new one with the correct common name, I
then re-ran rhn-ssl-tool --gen-ca --force
--set-common-name="spacewalk01.sccis.net" to get that created against the new
CA.
all should be well.
Just kickstarted another test machine, tried to update and got the same error,
still complaining about the common name being spacewalk01 rather than
spacewalk01.sccis.net
Have I missed something ?
thanks,
Matt
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
