I'm trying to get my SLES 11 SP3 client working with my SW 2.3 server.
The SW client registration procedures have the following steps: * ?zypper ar -f http://download.opensuse.org/repositories/systemsmanagement:/spacewalk:/2.3/SLE_11_SP3/ spacewalk-tools * zypper install rhn-client-tools zypp-plugin-spacewalk rhnsd rhn-setup rhn-check * wget http://<http://<FQ><FQ SW server>/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT * ln -s /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT /usr/share/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem * update-ca-certificates * rhnreg_ks --serverUrl=https://<FQ SW server>/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=<ACTIVATIONKEY> The "update-ca_certificates" step does not work. There is no command on the system, and I wasn't able to find anything searching online. I'm not sure if that is something that should come with the rhn tools or not. Anyway, I found a posting on this list from February of this year. Bernd Helber and similar problems that I'm having and Michael Calmer provided this reply: Take care that the CA certificate is copied to /etc/ssl/certs/ with the suffix ".pem" and you run a "c_rehash /etc/ssl/certs/" E.g.: $> cp /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT \ /etc/ssl/certs/RHN-ORG-TRUSTED-SSL-CERT.pem $> c_rehash /etc/ssl/certs/ -- Regards Michael Calmer This allowed me to get past the first error that I was receiving, but now I have a different error. I am now getting this error: ?<snip>? Download (curl) error for 'https://<FQ SW Server>/XMLRPC/GET-REQ/sles11sp3_channel/repodata/repomd.xml?head_requests=no': Error code: Unrecognized error Error message: error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) </snip> Trouble shooting and online research indicates that perhaps rhn_check is not using SSLv3. I can run curl -vvv -3 and connect and read the repository just fine. curl -vvv -3 https://<https://<FQ><FQ SW Server>/XMLRPC/GET-REQ/sles11sp3_channel/repodata/repomd.xml?head_requests=no But if I issue the same curl command without "-3", I get the same error that I'm getting with rhn_check curl -vvv https://<FQ SW Server>/XMLRPC/GET-REQ/sles-11-sp3-update-channel/repodata/repomd.xml?head_requests=no * About to connect() to <FQ SW Server> port 443 (#0) * Trying 10.25.61.14... connected * Connected to <FQ SW SErver> (<IP Address>) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs/ * SSLv3, TLS handshake, Client hello (1): * error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) * Closing connection #0 curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) How can I verify that rhn_check is using SSLv3? Thank you Daryl
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
