Hi Daryl, looks good. But try the following.
Put a testfile on the spacewalk "pub" folder...normally "/srv/www/html/pub" Then try to manually grab the file with "curl", only using "your" CA file curl -vvv -1 --cacert /etc/ssl/certs/RHN... --capath none https://<yourserver>/pub/<testfile> If this works, try same without setting "--cacert and --capath". If this does NOT work, something went wrong running "c_rehash". If both do NOT work, then maybe the apache server is not "deploying" the complete certificate chain. Look for "apache"s "SSLCertificateChainFile" in /etc/http/conf.d/ssl.conf Regards, Robert Am 09.09.2015 um 15:12 schrieb Daryl Rose: > Avi, > > Here are the steps for registering SLES from the Spacewalk documentation: > > https://fedorahosted.org/spacewalk/wiki/RegisteringClients#SUSE > > However, the steps are not completely accurate for SLES 11 SP3. A few > changes need to be made. > > 1. Changes to the spacewalk-tools URL. > zypper ar -f > http://download.opensuse.org/repositories/systemsmanagement:/spacewalk:/2.3/SLE_11_SP3/ > spacewalk-tools > > 2. Step two applies to SLES 12, not to SLES 11. (I learned about that from > this forum). These are the modified steps: > a. wget http://corp-spwalk-prod01.dtn.com/pub/RHN-ORG-TRUSTED-SSL-CERT -O > /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT > b. cp /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT > /etc/ssl/certs/RHN-ORG-TRUSTED-SSL-CERT.pem > c. c_rehash /etc/ssl/certs/ > > After running the c_rehash, I get the following: > > lrwxrwxrwx 1 root root 28 Sep 9 08:05 dcfb5746.0 -> > RHN-ORG-TRUSTED-SSL-CERT.pem > > I'm assuming that this is what I should see. > > These are the same steps that I used in my testing. Is there something wrong > with the cert? > > Thanks > > Daryl > > ________________________________________ > From: [email protected] <[email protected]> > on behalf of Avi Miller <[email protected]> > Sent: Tuesday, September 8, 2015 3:39 PM > To: [email protected] > Subject: Re: [Spacewalk-list] How to use a signed certificate? > > Hey Daryl, > >> On 9 Sep 2015, at 6:06 am, Daryl Rose <[email protected]> wrote: >> >> I decided to move my SW environment into production, so I stood up a brand >> new SW server and redid the signed certificate according to your >> documentation. Everything works fine with the RHEL servers that I've >> attached, but I'm having certificate issues with SLES. > > I don't think we ever tested this with SLES/OpenSUSE as that's not covered > under standard Oracle support. I've not even looked into how you register a > SLES system to Spacewalk, so I can't comment on how that process would need > to be updated for a 3rd-party certificate. > > However, this seems like a verification issue, so I would double-check that > you're using the correct CA certificate (RHN-ORG-TRUSTED-SSL-CERT) and that > it has the entire CA chain contained. Otherwise, the client would not be able > to verify the certificate provided by the server. > > Can you point me towards the appropriate documentation that outlines the SLES > registration process to Spacewalk so I can review? > > Thanks, > Avi > > -- > Oracle <http://www.oracle.com> > Avi Miller | Product Management Director | +61 (3) 8616 3496 > Oracle Linux and Virtualization > 417 St Kilda Road, Melbourne, Victoria 3004 Australia > > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list > _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
