Hello List, I have determined what my issue is. It seems to be a bug with the OSA-dispatcher service. My signed cert uses x509v3 extensions with Key Usage set to critical, Digital Signature, and Key Encipherment. This configuration breaks OSA-Dispatcher service from verifying my cert. If I were to add Certificate Sign to the Key Usage settings it will accept the certificate. Certificate Sign is for CAs to actually sign certificates based on RFC 5280 http://www.ietf.org/rfc/rfc5280.txt. I will go ahead and open a bug on this issue. If you by chance have any quick resolution to this issue please let me know. Thank you for your time and have a great day!
Kind regards, JD ---- [email protected] wrote: > Hello List, > > I just received a signed SSL Certificate and was trying to install the cert > into Spacewalk. I was able to get apache and all of that working. The issue I > am running into is with osa-dispatcher. It seems that osa-dispatcher is > having problems verifying the cert. Below you will find the commands I have > performed thus far in order to try and get it working. Please let me know if > there is anything else I can try to get this working. Thank you for your time > and have a great day! > > If you are unable to see the following please use the pastebin link: > http://pastebin.com/aXvhdU3K > > cd /root > cat /dev/null > /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT > openssl x509 -in /root/swkeys/spacewalkdev/<FQDN>.crt -text >> > /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT > /bin/cp -f /root/swkeys/spacewalkdev/<FQDN>.key > /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY > openssl x509 -in /root/swkeys/spacewalkdev/<FQDN>.crt -text > > /root/ssl-build/spacewalkdev/server.crt > /bin/cp -f /root/swkeys/spacewalkdev/<FQDN>.key > /root/ssl-build/spacewalkdev/server.key > /bin/cp -f /root/swkeys/spacewalkdev/<FQDN>.csr > /root/ssl-build/spacewalkdev/server.csr > /bin/cp -f /root/swkeys/spacewalkdev/gd_bundle.crt /usr/share/rhn/RHNS-CA-CERT > rhn-ssl-tool --gen-server --set-hostname=<FQDN> --rpm-only > rpm -Fvh > ./ssl-build/spacewalkdev/rhn-org-httpd-ssl-key-pair-spacewalkdev-<new-version>.noarch.rpm > cat /dev/null > /root/ssl-build/spacewalkdev/server.pem > cat /root/ssl-build/spacewalkdev/server.crt >> > /root/ssl-build/spacewalkdev/server.pem > cat /root/ssl-build/spacewalkdev/server.key >> > /root/ssl-build/spacewalkdev/server.pem > /bin/cp -f /root/ssl-build/spacewalkdev/server.pem > /etc/pki/spacewalk/jabberd/server.pem > /bin/cp -f /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT > /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT > spacewalk-service restart > > Kind regards, > JD > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
