On Wed, Dec 28, 2011 at 2:10 PM, Miroslav Suchy <[email protected]> wrote: > Dne 28.12.2011 17:50, Scott Worthington napsal(a): > >> I successfully followed (pardon the URL)... >> >> http://unfuckablelinux.com/2008/07/02/spacewalk-and-avoiding-self-signed-certificates/ >> ...to install a valid SSL certificate into Spacewalk. This server has > > > This steps IMHO properly does not populate rhn-ca-openssl.cnf. And you have > wrong filenames since, we assume clean use of rhn-ssl-tool. > > >> been in production tracking 1.6-nightly and now 1.6-release since Sept >> 2011, and it is working well. >> >> I am now creating a Spacewalk Proxy 1.6. >> >> When running the automation script 'configure-proxy.sh', you must copy >> the the files three files RHN-ORG-PRIVATE-SSL-KEY, >> RHN-ORG-TRUSTED-SSL-CERT, and rhn-ca-openssl.cnf from the main >> Spacewalk server in /root/ssl-build. > >> >> Because I am not using a self-signed SSL cert on the main Spacewalk >> server, the script fails with: > > You have to copy that spacewalk-server:/root/ssl-build/spacewalk/server.key > proxy:/root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY > make sure that content of rhn-ca-openssl.cnf is sane and then run: > > configure-proxy.sh --force-own-ca > > Mirek
Thanks Mirek for the tip! I didn't find anything on the Spacewalk Wiki about using own CA, and there is also a bug track about that no documentation on --force-own-ca (https://bugzilla.redhat.com/show_bug.cgi?id=729663). I'll give your tips a try and report back. Thanks, ScottW _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
