Hi Yang, Make sure your RPM's were updated that handle the SSL certs for the rest of the system (Output from my environment, your versions numbers will be different):
rhn-org-trusted-ssl-cert-1.0-1.noarch rhn-org-httpd-ssl-key-pair-<systemname>-1.0-3.noarch You should be able to find the RPM's in the /root/ssl-build directory. Regards, Glen Collins ----- Original Message ----- Thank you, Glen. I have got certificate installed following this: > http://www.marsdominion.com/2013/02/01/configuring-a-rhn-satellite-server-with-a-third-party-cert/ I see web server is working fine and after I get new RHN-ORG-TRUSTED-SSL-CERT on client, I can yum update client with spacewalk, but I did notice when I restart spacewalk-service, there is a issue with osa-dispatcher Starting osa-dispatcher: Spacewalk 25785 2014/12/02 11:04:25 -04:00: ('Server does not support TLS - <starttls /> not in <features /> stanza',) Spacewalk 25785 2014/12/02 11:04:25 -04:00: ('Traceback (most recent call last):\n File "/usr/share/rhn/osad/jabber_lib.py", line 252, in setup_connection\n c = self._get_jabber_client(js)\n File "/usr/share/rhn/osad/jabber_lib.py", line 309, in _get_jabber_client\n c.connect()\n File "/usr/share/rhn/osad/jabber_lib.py", line 597, in connect\n raise SSLDisabledError\nSSLDisabledError\n',) [ OK ] what I should do to resolve this? Thanks, Yang On Nov 26, 2014, at 12:25 PM, Glen Collins <[email protected]> wrote: > Hi Yang, > > Look at this: > > http://www.marsdominion.com/2013/02/01/configuring-a-rhn-satellite-server-with-a-third-party-cert/ > > Here is the wiki on changing the name of the server. Give ideas where files > that need to be changed: > > https://fedorahosted.org/spacewalk/wiki/How_to_rename_or_change_a_satellite_hostnam > > Also what I found is you need to rebuild the rpms found under /root/ssl-build > so the new certs are used. Remove the old rpm's and use the new ones. Also > jabber and osa-dispatcher will be unhappy too! > > Anyway, hope this helps! > > Regards, > > Glen Collins > > ----- Original Message ----- > I am trying to use real certificate with spacewalk server. I have changed > /etc/httpd/conf.d/ssl.conf with following: > > SSLCertificateFile /etc/pki/tls/certs/server.crt > SSLCertificateKeyFile /etc/pki/tls/private/server.key > SSLCertificateChainFile /etc/pki/tls/certs/server_interm.crt > > I restarted spacewalk-service > > # spacewalk-service restart > > My spacewalk web GUI seems work fine, but I think I may have missed something > else since all my client will get the SSL certificate failed verification > error. > > # yum check-update > Loaded plugins: product-id, rhnplugin, subscription-manager > This system is not registered to Red Hat Subscription Management. You can use > subscription-manager to register. > > > The SSL certificate failed verification. > > Is there a instruction what else I should do to get everything changed? > > Thanks, > Yang > > > > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
