Hello,
please follow instructions located at:
https://fedorahosted.org/spacewalk/wiki/HowToUpgrade#PerformSpacewalkactivation
Tomáš
On 07/13/2015 03:56 PM, Coffman, Anthony J wrote:
I've got this also.
Spacewalk 2.3
--Tony
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Cliff Perry
Sent: Monday, July 13, 2015 6:32 AM
To: [email protected]
Subject: Re: [Spacewalk-list] Certificate expiry
On 13/07/15 11:20, Kobus Bensch wrote:
Morning
I need some help please. This morning I got this message on the
Spacewalk login:
Your satellite certificate has expired. Please visit the following
link for steps on how to request or generate a new certificate:
https://access.redhat.com/knowledge/tools/satcertYour satellite enters
restricted period in 7 day(s).
So I followed the instructions here to get this resolved:
https://fedorahosted.org/spacewalk/wiki/CertCreation
Here is the steps I took:
gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 3y
Key expires at Thu 12 Jul 2018 10:51:46 AM BST Is this correct? (y/N)
y
GnuPG needs to construct a user ID to identify your key.
Real name: Infrastructure_Team
Email address: [email protected]
Comment: Spacewalk Cert
You selected this USER-ID:
"Infrastructure_Team (Spacewalk Cert) <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O You need a
Passphrase to protect your secret key.
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[12582]: directory `/root/.gnupg/private-keys-v1.d' created
We need to generate a lot of random bytes. It is a good idea to
perform some other action (type on the keyboard, move the mouse,
utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to
perform some other action (type on the keyboard, move the mouse,
utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key C787B908 marked as ultimately trusted public and secret key
created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2018-07-12
pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12]
Key fingerprint = E0A9 C645 60C3 FAD1 4EE9 0388 1627 481B C787 B908
uid Infrastructure_Team (Spacewalk Cert)
<[email protected]>
sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12]
gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/F24F1B08 2002-04-23 [expired: 2004-04-22]
uid Red Hat, Inc (Red Hat Network)
<[email protected]>
pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12]
uid Infrastructure_Team (Spacewalk Cert)
<[email protected]>
sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12]
[root@dc2pmzspw01 ~]# gpg --list-secret-keys /root/.gnupg/secring.gpg
------------------------
sec 4096R/3E092771 2015-07-13 [expires: 2018-07-12]
uid Infrastructure Team (Spacewalk Cert)
<[email protected]>
ssb 4096R/DCFD06A8 2015-07-13
sec 4096R/C787B908 2015-07-13 [expires: 2018-07-12]
uid Infrastructure_Team (Spacewalk Cert)
<[email protected]>
ssb 4096R/113C619E 2015-07-13
gpg --export -a C787B908 > spacewalk-key.gpg gpg --export-secret-keys
-a C787B908 > spacewalk-secretkey.gpg
gpg --keyring /etc/webapp-keyring-new.gpg --no-default-keyring
--import spacewalk-key.gpg spacewalk-secretkey.gpg
gpg: keyring `/etc/webapp-keyring-new.gpg' created
gpg: key C787B908: public key "Infrastructure_Team (Spacewalk Cert)
<[email protected]>" imported
gpg: key C787B908: already in secret keyring
gpg: Total number processed: 2
gpg: imported: 1 (RSA: 1)
gpg: secret keys read: 1
gpg: secret keys unchanged: 1
mv /etc/webapp-keyring.gpg /etc/webapp-keyring-old.gpg mv
/etc/webapp-keyring-new.gpg /etc/webapp-keyring.gpg
gpg --keyring /etc/webapp-keyring.gpg --no-default-keyring --list-keys
/etc/webapp-keyring.gpg
-----------------------
pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12]
uid Infrastructure_Team (Spacewalk Cert)
<[email protected]>
sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12]
./gen-oss-sat-cert.pl --orgid 1 --owner "Infrastructure_Team
(Spacewalk
Cert) <[email protected]>" --signer C787B908 --output
spacewalk-cert.cert --expires "2018-07-13 00:00:00" --slots 200000
--satellite-version spacewalk
Passphrase:
gpg: Signature made Mon 13 Jul 2015 11:07:12 AM BST using RSA key ID
C787B908
gpg: Good signature from "Infrastructure_Team (Spacewalk Cert)
<[email protected]>"
Signatures validation succeeded.
Certificate saved as tpgspacewalk-cert.cert
rhn-satellite-activate --sanity-only --rhn-cert=spacewalk-cert.cert
[no output]
rhn-satellite-activate --disconnected --rhn-cert=spacewalk-cert.cert
Certificate specifies 0 of virtualization_host_platform entitlements.
There are 3000 entitlements allocated to non-base org(s) (0 used).
You might need to deallocate some entitlements from non-base
organization(s).
You need to free 3000 entitlements to match the new certificate.
In the WebUI, the entitlement is named Virtualization Host Platform.
Certificate specifies 0 of monitoring_entitled entitlements.
There are 338 entitlements used by systems in the base (id 1)
organization,
plus 3000 entitlements allocated to non-base org(s) (26 used).
You might need to unentitle some systems in the base organization,
or deallocate some entitlements from non-base organization(s).
You need to free 3338 entitlements to match the new certificate.
In the WebUI, the entitlement is named Monitoring.
Certificate specifies 0 of virtualization_host entitlements.
There are 3000 entitlements allocated to non-base org(s) (0 used).
You might need to deallocate some entitlements from non-base
organization(s).
You need to free 3000 entitlements to match the new certificate.
In the WebUI, the entitlement is named Virtualization Host.
Certificate specifies 0 of provisioning_entitled entitlements.
There are 338 entitlements used by systems in the base (id 1)
organization,
plus 3000 entitlements allocated to non-base org(s) (26 used).
You might need to unentitle some systems in the base organization,
or deallocate some entitlements from non-base organization(s).
You need to free 3338 entitlements to match the new certificate.
In the WebUI, the entitlement is named Provisioning.
Activation failed, will now exit with no changes.
I have tried several different settings in the ./gen-oss-sat-cert.pl
command but always the same.
Can anybody help please?
Thanks
Kobus
Trustpay Global Limited is an authorised Electronic Money Institution
regulated by the Financial Conduct Authority registration number 900043.
Company No 07427913 Registered in England and Wales with registered
address 130 Wood Street, London, EC2V 6DL, United Kingdom.
For further details please visit our website at www.trustpayglobal.com
<http://www.trustpayglobal.com>.
The information in this email and any attachments are confidential and
remain the property of Trustpay Global Ltd unless agreed by contract.
It is intended solely for the person to whom or the entity to which it
is addressed. If you are not the intended recipient you may not use,
disclose, copy, distribute, print or rely on the content of this email
or its attachments. If this email has been received by you in error
please advise the sender and delete the email from your system.
Trustpay Global Ltd does not accept any liability for any personal
view expressed in this message.
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
Hi - can you confirm the version of Spacewalk being used?
The old Certificate used expired today. We generated a new one a year ago:
https://github.com/spacewalkproject/spacewalk/blob/ca2c784eaff062b36f5f464affc50c2a2d21fa6a/branding/setup/spacewalk-public.cert
For now, it is safe to ignore the warning - please give us some time to provide
our recommended solution here. Since not everyone has upgraded yet to Spacewalk
2.3.
Regards,
Cliff
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
