I have yet to get OSA through the proxies to work. This is my next thing to tackle. I will report back once I have this sorted.
William Clark On Aug 15, 2011, at 6:38 AM, Wojtak, Greg wrote: > I've had this same issue. I had to revert back to the self-signed cert for > httpd in order to get OSA and provisioning to work properly. > > From: Jeremy Davis <[email protected]<mailto:[email protected]>> > Reply-To: "[email protected]<mailto:[email protected]>" > <[email protected]<mailto:[email protected]>> > Date: Fri, 12 Aug 2011 20:16:36 -0400 > To: "[email protected]<mailto:[email protected]>" > <[email protected]<mailto:[email protected]>> > Subject: Re: [Spacewalk-list] Help with client connection to Spacewalk Proxy > via SSL with CA signed cert > > William, > > Are you using osa-dispatcher and osad for remote command functionality > between the App server and all clients/proxy servers? I have been trying to > get a signed SSL cert to work and been having issues with getting > osa-dispatcher to restart using the new cert. If you are using this could you > provide a step by step on how you have been able to get a signed cert to work > with your setup? Thank you for your time and have a great day! > > Thanks, > Jeremy > > On Fri, Aug 12, 2011 at 12:44 PM, William Clark > <[email protected]<mailto:[email protected]>> wrote: > I solved the issue. I took the csr in /etc/httpd/conf/ssl.csr and used that > to get a signed cert from my CA. I then took the resultant cert and moved it > to /etc/httpd/conf/ssl.crt/server.crt. I then restarted httpd and I no > longer get ssl errors on clients trying to connect to the proxy with ssl. > Nothing else broke in the process so I believe I am good to go. > > William Clark > > On Aug 12, 2011, at 11:07 AM, William Clark wrote: > >> Here is some background on the system I am running. I currently have a >> single spacewalk server running SW1.4 and I have 2 proxy servers running >> proxy 1.4. >> >> On my spacewalk server I have a CA signed cert and set everything up for >> that. I connected the proxy's and they communicate to the master server >> over ssl with no issues. The problem comes in when I try to connect via SSL >> from a client to one of the proxy servers. I get SSL certificate errors. I >> suspect that this may have something to do with the fact that I have a CA >> signed cert on the master but not the proxy's. So when the proxy's try and >> validate their self signed certs against the CA chain I have from a valid CA >> they cannot validate their certs. >> >> Question is, is there a way to get CA signed certs in place on the proxy's >> so that I can connect to the proxy's from clients via SSL? >> >> William Clark >> > > > _______________________________________________ > Spacewalk-list mailing list > [email protected]<mailto:[email protected]> > https://www.redhat.com/mailman/listinfo/spacewalk-list > > > > -- > Thank you, > Jeremy Davis, GCIH > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
