On Thu, Feb 16, 2012 at 6:47 PM, Jeremy Davis <[email protected]> wrote: > Yes, that is the correct cert. You also need to make sure you download that > cert to the client and change the /etc/sysconfig/rhn/osad.conf to point to > that downloaded cert from the proxy server.
Ok, so here are the troubleshooting steps I've taken. * Stop the proxy services * Moved /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT to RHN-ORG-TRUSTED-SSL-CERT.backup * Re-ran configure-proxy.sh using the following answers file (names changed to protect the innocent): VERSION="1.6" RHN_PARENT="spacewalk02.company.com" TRACEBACK_EMAIL="[email protected]" USE_SSL="Y" CA_CHAIN="/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" HTTP_PROXY= SSL_ORG="Some obscure gaming company" SSL_ORGUNIT="spacewalkproxy01.dc.company.com" SSL_COMMON="spacewalkproxy01.dc.company.com" SSL_CITY="Austin" SSL_STATE="Texas" SSL_COUNTRY="US" SSL_EMAIL="[email protected]" INSTALL_MONITORING="n" POPULATE_CONFIG_CHANNEL="n" A brand-spanking new cert was created in /var/www/html/pub, but the OU and CN in the certificate are for RHN_PARENT, or spacewalk02.company.com which is the main app server. Should this be "spacewalkproxy01.dc.company.com" instead? My theory is that the ssl cert may be failing because it has the wrong name in it... _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
