Morning
I need some help please. This morning I got this message on the
Spacewalk login:
Your satellite certificate has expired. Please visit the following
link for steps on how to request or generate a new certificate:
https://access.redhat.com/knowledge/tools/satcert
Your satellite enters restricted period in 7 day(s).
So I followed the instructions here to get this resolved:
https://fedorahosted.org/spacewalk/wiki/CertCreation
Here are the steps I took:
gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 3y
Key expires at Thu 12 Jul 2018 10:51:46 AM BST
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Infrastructure_Team
Email address: [email protected]
Comment: Spacewalk Cert
You selected this USER-ID:
"Infrastructure_Team (Spacewalk Cert) <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[12582]: directory `/root/.gnupg/private-keys-v1.d' created
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key C787B908 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2018-07-12
pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12]
Key fingerprint = E0A9 C645 60C3 FAD1 4EE9 0388 1627 481B C787 B908
uid Infrastructure_Team (Spacewalk Cert) <[email protected]>
sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12]
gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/F24F1B08 2002-04-23 [expired: 2004-04-22]
uid Red Hat, Inc (Red Hat Network)
<[email protected]>
pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12]
uid Infrastructure_Team (Spacewalk Cert)
<[email protected]>
sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12]
[root@dc2pmzspw01 ~]# gpg --list-secret-keys
/root/.gnupg/secring.gpg
------------------------
sec 4096R/3E092771 2015-07-13 [expires: 2018-07-12]
uid Infrastructure Team (Spacewalk Cert)
<[email protected]>
ssb 4096R/DCFD06A8 2015-07-13
sec 4096R/C787B908 2015-07-13 [expires: 2018-07-12]
uid Infrastructure_Team (Spacewalk Cert)
<[email protected]>
ssb 4096R/113C619E 2015-07-13
gpg --export -a C787B908 > spacewalk-key.gpg
gpg --export-secret-keys -a C787B908 > spacewalk-secretkey.gpg
gpg --keyring /etc/webapp-keyring-new.gpg --no-default-keyring --import spacewalk-key.gpg spacewalk-secretkey.gpg
gpg: keyring `/etc/webapp-keyring-new.gpg' created
gpg: key C787B908: public key "Infrastructure_Team (Spacewalk Cert)
<[email protected]>" imported
gpg: key C787B908: already in secret keyring
gpg: Total number processed: 2
gpg: imported: 1 (RSA: 1)
gpg: secret keys read: 1
gpg: secret keys unchanged: 1
mv /etc/webapp-keyring.gpg /etc/webapp-keyring-old.gpg
mv /etc/webapp-keyring-new.gpg /etc/webapp-keyring.gpg
gpg --keyring /etc/webapp-keyring.gpg --no-default-keyring --list-keys
/etc/webapp-keyring.gpg
-----------------------
pub 4096R/C787B908 2015-07-13 [expires: 2018-07-12]
uid Infrastructure_Team (Spacewalk Cert)
<[email protected]>
sub 4096R/113C619E 2015-07-13 [expires: 2018-07-12]
./gen-oss-sat-cert.pl --orgid 1 --owner "Infrastructure_Team (Spacewalk Cert) <[email protected]>" --signer C787B908 --output spacewalk-cert.cert --expires "2018-07-13 00:00:00" --slots 200000 --satellite-version spacewalk
Passphrase:
gpg: Signature made Mon 13 Jul 2015 11:07:12 AM BST using RSA key ID
C787B908
gpg: Good signature from "Infrastructure_Team (Spacewalk Cert)
<[email protected]>"
Signatures validation succeeded.
Certificate saved as tpgspacewalk-cert.cert
rhn-satellite-activate --sanity-only --rhn-cert=spacewalk-cert.cert
[no output]
rhn-satellite-activate --disconnected --rhn-cert=spacewalk-cert.cert
Certificate specifies 0 of virtualization_host_platform entitlements.
There are 3000 entitlements allocated to non-base org(s) (0 used).
You might need to deallocate some entitlements from non-base
organization(s).
You need to free 3000 entitlements to match the new certificate.
In the WebUI, the entitlement is named Virtualization Host Platform.
Certificate specifies 0 of monitoring_entitled entitlements.
There are 338 entitlements used by systems in the base (id 1)
organization,
plus 3000 entitlements allocated to non-base org(s) (26 used).
You might need to unentitle some systems in the base organization,
or deallocate some entitlements from non-base organization(s).
You need to free 3338 entitlements to match the new certificate.
In the WebUI, the entitlement is named Monitoring.
Certificate specifies 0 of virtualization_host entitlements.
There are 3000 entitlements allocated to non-base org(s) (0 used).
You might need to deallocate some entitlements from non-base
organization(s).
You need to free 3000 entitlements to match the new certificate.
In the WebUI, the entitlement is named Virtualization Host.
Certificate specifies 0 of provisioning_entitled entitlements.
There are 338 entitlements used by systems in the base (id 1)
organization,
plus 3000 entitlements allocated to non-base org(s) (26 used).
You might need to unentitle some systems in the base organization,
or deallocate some entitlements from non-base organization(s).
You need to free 3338 entitlements to match the new certificate.
In the WebUI, the entitlement is named Provisioning.
Activation failed, will now exit with no changes.
I have tried several different settings in the ./gen-oss-sat-cert.pl
command but always the same.
Can anybody help please?
Thanks
Kobus
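
An added example, not part of the original post and not Spacewalk's own code: a small parser that turns the rhn-satellite-activate failure output quoted above into one record per entitlement, so the shortfall between the new certificate and current allocations can be read at a glance. The function names and the implied_total field are hypothetical, and the sample text is a constructed excerpt of the output in the post.

```python
import re

# Constructed sample: two blocks from the output in the post, with the
# mail client's line wrapping kept to show the parser tolerates it.
SAMPLE = """\
Certificate specifies 0 of virtualization_host_platform entitlements.
There are 3000 entitlements allocated to non-base org(s) (0 used).
You might need to deallocate some entitlements from non-base
organization(s).
You need to free 3000 entitlements to match the new certificate.
In the WebUI, the entitlement is named Virtualization Host Platform.
Certificate specifies 0 of monitoring_entitled entitlements.
There are 338 entitlements used by systems in the base (id 1)
organization,
plus 3000 entitlements allocated to non-base org(s) (26 used).
You need to free 3338 entitlements to match the new certificate.
In the WebUI, the entitlement is named Monitoring.
Activation failed, will now exit with no changes.
"""

BLOCK = re.compile(r"Certificate specifies (\d+) of (\w+) entitlements\.(.*?)"
                   r"(?=Certificate specifies|Activation failed|$)")

def _num(pattern, text):
    m = re.search(pattern, text)
    return int(m.group(1)) if m else 0

def parse_shortfalls(output):
    """Return one dict per entitlement the new certificate under-provisions."""
    flat = " ".join(output.split())  # undo mail/terminal line wrapping
    rows = []
    for m in BLOCK.finditer(flat):
        body = m.group(3)
        name = re.search(r"entitlement is named (.+?)\.", body)
        to_free = _num(r"need to free (\d+) entitlements", body)
        rows.append({
            "label": m.group(2),
            "webui_name": name.group(1) if name else None,
            "in_cert": int(m.group(1)),
            "base_used": _num(r"(\d+) entitlements used by systems in the base", body),
            "allocated_non_base": _num(r"(\d+) entitlements allocated to non-base", body),
            "to_free": to_free,
            # Assumption: certificate count plus shortfall equals what is held now.
            "implied_total": int(m.group(1)) + to_free,
        })
    return rows

if __name__ == "__main__":
    for r in parse_shortfalls(SAMPLE):
        print("%-30s cert=%d implied_total=%d" % (r["label"], r["in_cert"], r["implied_total"]))
```
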