server.pem and RHN-ORG-TRUSTED-SSL-CERT are two different things. server.pem is for jabberd. the CN in server.pem should be your spacewalk proxy's fqdn. RHN-ORG-TRUSTED-SSL-CERT should be identical to your non-proxied clients' (at least it is in our environment). Double check that the <id></id> fields in /etc/jabberd/c2s.xml match the CN in the server.pem. You can check the CN in server.pem by running
openssl x509 -text < /etc/jabberd/server.pem On 2012-02-17 2:48 PM, "Sean Carolan" <[email protected]> wrote: >On Thu, Feb 16, 2012 at 4:53 PM, Jeremy Davis <[email protected]> >wrote: >> If a server is connecting to a Spacewalk Proxy server you will need to >>use >> the SSL Cert that was generated for that proxy server. This Cert will >>be in >> the same location as the app server but on the proxy server. > >How is /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT supposed to be created >on the proxy machine? On most of our "normal" client servers, we >simply use wget to pull this file so that OSAD will work. But if the >proxy server is supposed to have a different cert in this location, >how does it get created? Here's what happens if I try to configure >the proxy without this file in place: > >[root@spacewalkproxy01 ~]# configure-proxy.sh >RHN Parent [spacewalk02.company.com]: >CA Chain [/usr/share/rhn/RHNS-CA-CERT]: >/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT >Error: File /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT is not readable by >nobody user. > >Forgive me for all the noob questions; I'm still learning how all this >stuff fits together. The documentation on the SSL setup is a bit >thin... > >_______________________________________________ >Spacewalk-list mailing list >[email protected] >https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
