I've got this also. Spacewalk 2.3
--Tony -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Cliff Perry Sent: Monday, July 13, 2015 6:32 AM To: [email protected] Subject: Re: [Spacewalk-list] Certificate expiry On 13/07/15 11:20, Kobus Bensch wrote: > Morning > > I need some help please. This morning I got this message on the > Spacewalk login: > > Your satellite certificate has expired. Please visit the following > link for steps on how to request or generate a new certificate: > https://access.redhat.com/knowledge/tools/satcertYour satellite enters > restricted period in 7 day(s). > > So I followed the instructions here to get this resolved: > > https://fedorahosted.org/spacewalk/wiki/CertCreation > > Here is the steps I took: > gpg --gen-key > gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc. > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. > > Please select what kind of key you want: > (1) RSA and RSA (default) > (2) DSA and Elgamal > (3) DSA (sign only) > (4) RSA (sign only) > Your selection? 1 > RSA keys may be between 1024 and 4096 bits long. > What keysize do you want? (2048) 4096 > Requested keysize is 4096 bits > Please specify how long the key should be valid. > 0 = key does not expire > <n> = key expires in n days > <n>w = key expires in n weeks > <n>m = key expires in n months > <n>y = key expires in n years > Key is valid for? (0) 3y > Key expires at Thu 12 Jul 2018 10:51:46 AM BST Is this correct? (y/N) > y > > GnuPG needs to construct a user ID to identify your key. > > Real name: Infrastructure_Team > Email address: [email protected] > Comment: Spacewalk Cert > You selected this USER-ID: > "Infrastructure_Team (Spacewalk Cert) <[email protected]>" > > Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O You need a > Passphrase to protect your secret key. > > can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory > gpg-agent[12582]: directory `/root/.gnupg/private-keys-v1.d' created > We need to generate a lot of random bytes. It is a good idea to > perform some other action (type on the keyboard, move the mouse, > utilize the > disks) during the prime generation; this gives the random number > generator a better chance to gain enough entropy. > We need to generate a lot of random bytes. It is a good idea to > perform some other action (type on the keyboard, move the mouse, > utilize the > disks) during the prime generation; this gives the random number > generator a better chance to gain enough entropy. > gpg: key C787B908 marked as ultimately trusted public and secret key > created and signed. > > gpg: checking the trustdb > gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model > gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u > gpg: next trustdb check due at 2018-07-12 > pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12] > Key fingerprint = E0A9 C645 60C3 FAD1 4EE9 0388 1627 481B C787 B908 > uid Infrastructure_Team (Spacewalk Cert) > <[email protected]> > sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12] > > gpg --list-keys > /root/.gnupg/pubring.gpg > ------------------------ > pub 1024D/F24F1B08 2002-04-23 [expired: 2004-04-22] > uid Red Hat, Inc (Red Hat Network) > <[email protected]> > > pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12] > uid Infrastructure_Team (Spacewalk Cert) > <[email protected]> > sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12] > > [root@dc2pmzspw01 ~]# gpg --list-secret-keys /root/.gnupg/secring.gpg > ------------------------ > sec 4096R/3E092771 2015-07-13 [expires: 2018-07-12] > uid Infrastructure Team (Spacewalk Cert) > <[email protected]> > ssb 4096R/DCFD06A8 2015-07-13 > > sec 4096R/C787B908 2015-07-13 [expires: 2018-07-12] > uid Infrastructure_Team (Spacewalk Cert) > <[email protected]> > ssb 4096R/113C619E 2015-07-13 > > gpg --export -a C787B908 > spacewalk-key.gpg gpg --export-secret-keys > -a C787B908 > spacewalk-secretkey.gpg > > gpg --keyring /etc/webapp-keyring-new.gpg --no-default-keyring > --import spacewalk-key.gpg spacewalk-secretkey.gpg > gpg: keyring `/etc/webapp-keyring-new.gpg' created > gpg: key C787B908: public key "Infrastructure_Team (Spacewalk Cert) > <[email protected]>" imported > gpg: key C787B908: already in secret keyring > gpg: Total number processed: 2 > gpg: imported: 1 (RSA: 1) > gpg: secret keys read: 1 > gpg: secret keys unchanged: 1 > > mv /etc/webapp-keyring.gpg /etc/webapp-keyring-old.gpg mv > /etc/webapp-keyring-new.gpg /etc/webapp-keyring.gpg > > gpg --keyring /etc/webapp-keyring.gpg --no-default-keyring --list-keys > /etc/webapp-keyring.gpg > ----------------------- > pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12] > uid Infrastructure_Team (Spacewalk Cert) > <[email protected]> > sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12] > > ./gen-oss-sat-cert.pl --orgid 1 --owner "Infrastructure_Team > (Spacewalk > Cert) <[email protected]>" --signer C787B908 --output > spacewalk-cert.cert --expires "2018-07-13 00:00:00" --slots 200000 > --satellite-version spacewalk > Passphrase: > gpg: Signature made Mon 13 Jul 2015 11:07:12 AM BST using RSA key ID > C787B908 > gpg: Good signature from "Infrastructure_Team (Spacewalk Cert) > <[email protected]>" > Signatures validation succeeded. > Certificate saved as tpgspacewalk-cert.cert > > rhn-satellite-activate --sanity-only --rhn-cert=spacewalk-cert.cert > [no output] > > rhn-satellite-activate --disconnected --rhn-cert=spacewalk-cert.cert > Certificate specifies 0 of virtualization_host_platform entitlements. > There are 3000 entitlements allocated to non-base org(s) (0 used). > You might need to deallocate some entitlements from non-base > organization(s). > You need to free 3000 entitlements to match the new certificate. > In the WebUI, the entitlement is named Virtualization Host Platform. > Certificate specifies 0 of monitoring_entitled entitlements. > There are 338 entitlements used by systems in the base (id 1) > organization, > plus 3000 entitlements allocated to non-base org(s) (26 used). > You might need to unentitle some systems in the base organization, > or deallocate some entitlements from non-base organization(s). > You need to free 3338 entitlements to match the new certificate. > In the WebUI, the entitlement is named Monitoring. > Certificate specifies 0 of virtualization_host entitlements. > There are 3000 entitlements allocated to non-base org(s) (0 used). > You might need to deallocate some entitlements from non-base > organization(s). > You need to free 3000 entitlements to match the new certificate. > In the WebUI, the entitlement is named Virtualization Host. > Certificate specifies 0 of provisioning_entitled entitlements. > There are 338 entitlements used by systems in the base (id 1) > organization, > plus 3000 entitlements allocated to non-base org(s) (26 used). > You might need to unentitle some systems in the base organization, > or deallocate some entitlements from non-base organization(s). > You need to free 3338 entitlements to match the new certificate. > In the WebUI, the entitlement is named Provisioning. > Activation failed, will now exit with no changes. > > > I have tried several different settings in the ./gen-oss-sat-cert.pl > command but always the same. > > Can anybody help please? > > Thanks > > Kobus > > Trustpay Global Limited is an authorised Electronic Money Institution > regulated by the Financial Conduct Authority registration number 900043. > Company No 07427913 Registered in England and Wales with registered > address 130 Wood Street, London, EC2V 6DL, United Kingdom. > > For further details please visit our website at www.trustpayglobal.com > <http://www.trustpayglobal.com>. > > The information in this email and any attachments are confidential and > remain the property of Trustpay Global Ltd unless agreed by contract. > It is intended solely for the person to whom or the entity to which it > is addressed. If you are not the intended recipient you may not use, > disclose, copy, distribute, print or rely on the content of this email > or its attachments. If this email has been received by you in error > please advise the sender and delete the email from your system. > Trustpay Global Ltd does not accept any liability for any personal > view expressed in this message. > > > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list > Hi - can you confirm the version of Spacewalk being used? The old Certificate used expired today. We generated a new one a year ago: https://github.com/spacewalkproject/spacewalk/blob/ca2c784eaff062b36f5f464affc50c2a2d21fa6a/branding/setup/spacewalk-public.cert For now, it is safe to ignore the warning - please give us some time to provide our recommended solution here. Since not everyone has upgraded yet to Spacewalk 2.3. Regards, Cliff _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
