Re: [Spacewalk-list] after installation of 3rd party SSL certificate, now getting (intermittent) errors!

Thu, 24 Apr 2014 16:23:24 -0700

Did you deploy the CA cert from the third party signer to the hosts as in place of the one initially deployed by spacewalk or update the /etc/sysconfig/rhn/up2date file to point to the stock copy form the 3rd party vendor deployed by the rpm included in the distro.

Also heartbleed effected a smaller number of certs than most people think essentially if the cert was generated prior to the poisonous patch its safe. Its only new certs generated by versions after the poisonous patch and or systems that haven't updated the openssl libraries since which are vulnerable.
The vast majority of production systems are reasonably safe. Further more I wouldn't worry about it that much unless your traffic goes over a public network. Essentially if someone has the access to utilize it in your internal network you have a much bigger problem.

To be clear if you are vulnerable its a huge problem especially if you deal with ecommerce, web based financial information, or data that can be used for identity theaft. But you have really look at and understand the problem before you should panic and replace all your certs.


-- Sent from my HP Pre3

On Apr 24, 2014 14:19, Andy Ingham <[email protected]> wrote:

Ever since we switched from a self-signed to a third-party SSL certificate
two days ago (thank you, Heartbleed!), I've seen intermittent issues.

The most obvious error: the daily 11:00 PM "compare-configs-default" task
(which has always run successfully for all 70+ servers), now is failing
for 98% (but not ALL!) hosts. The event message when it fails is: "This
action has been picked up multiple times without a successful transaction;
this action is now failed for this system."

The osa-dispatcher.log and rhn_server_xmlrpc.log show LOTS of entries like
rhnSQL/driver_postgresql.check_connection('ERROR', "DATABASE CONNECTION
TO 'spaceschema' LOST", "Exception information: Database instance has no
attribute 'dbh'")
clustered around the time of the scheduled run

I've done full restarts of postgres and spacewalk (and even a full reboot
for good measure).

Is there some reason that a cert change would lead to problems with
postgres connections, or is the error above a red herring?

Any ideas of where to look next?

TIA,
Andy

Andy Ingham
IT Infrastructure
Fuqua School of Business
Duke University




_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list 
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list

Reply via email to