Hello, I am utilizing Spacewalk 1.6 with non-self-signed SSL certificate provided by a commercial CA (a requirement in my environment due to PCI compliance).
I successfully followed (pardon the URL)... http://unfuckablelinux.com/2008/07/02/spacewalk-and-avoiding-self-signed-certificates/ ...to install a valid SSL certificate into Spacewalk. This server has been in production tracking 1.6-nightly and now 1.6-release since Sept 2011, and it is working well. I am now creating a Spacewalk Proxy 1.6. When running the automation script 'configure-proxy.sh', you must copy the the files three files RHN-ORG-PRIVATE-SSL-KEY, RHN-ORG-TRUSTED-SSL-CERT, and rhn-ca-openssl.cnf from the main Spacewalk server in /root/ssl-build. Because I am not using a self-signed SSL cert on the main Spacewalk server, the script fails with: Using configuration from /root/ssl-build/rhn-ca-openssl.cnf CA certificate and CA private key do not match 140222874289992:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:325: I am uncertain if anyone else has set up their main Spacewalk server with a non-self-signed SSL certificate and then attempted to set up a Spacewalk Proxy. Since the automation script, /usr/sbin/configure-proxy.sh, fails on line 500 when it is trying to build the SSL certificate, I will be manually generating the instructions & process for installing non-self-signed SSL cert into a Spacewalk Proxy. If you are interested in that process, please let me know and I'll post my how-to on this list to successfully get a Spacewalk Proxy 1.6 to use a non-self-signed SSL cert. Best, ScottW _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
