On Fri, Feb 17, 2012 at 2:11 PM, Wojtak, Greg (Superfly) <[email protected]> wrote: > server.pem and RHN-ORG-TRUSTED-SSL-CERT are two different things. > > server.pem is for jabberd. the CN in server.pem should be your spacewalk > proxy's fqdn. RHN-ORG-TRUSTED-SSL-CERT should be identical to your > non-proxied clients' (at least it is in our environment). Double check > that the <id></id> fields in /etc/jabberd/c2s.xml match the CN in the > server.pem. You can check the CN in server.pem by running > > openssl x509 -text < /etc/jabberd/server.pem
w00t - I got it working! The fix in case anyone runs into something similar: 1. Stop the rhn-proxy services 2. Wipe clean the contents of /root/ssl-build on the proxy server 3. Remove all spacewalk-proxy* packages from the system 4. Delete /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT on the proxy server if it still exists 5. Reinstall the proxy server: yum install spacewalk-proxy-installer 6. Run "configure-proxy.sh". It will fail the first time asking you to scp your cert, key and config file over like so: scp '[email protected]:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' /root/ssl-build 7. Run "configure-proxy.sh" again, this time it will complete and ask you for your SSL passphrase. Once this completes successfully it should work! 8. Test a client by registering it with the proxy, and then starting up osad. It should start showing up with "Online as of $DATE" in the GUI. I believe #6 and #7 is where I was failing the first few tries. There were multiple certs in the /root/ssl-build directory, and I had forgotten the ssl cert passphrase. Fortunately I managed to get rid of the unnecessary certs, and dig up the passphrase for the real certificate. Thanks Greg and Jeremy for the helpful suggestions. _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
