I am trying to stand up a proxy server. However, I am having issues with the
certificate.
I am using a CA signed certificate on the primary SW server. Proxy installation
prompts me copy over three certificate items from the primary SW server.
[root@ ssl-build]# configure-proxy.sh
Using RHN parent (from /etc/sysconfig/rhn/up2date): <spacewalk server>
Using CA Chain (from /etc/sysconfig/rhn/up2date):
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Please do copy your CA key and public certificate from <spacewalk server> to
/root/ssl-build directory. You may want to execute this command:
scp 'root@<spacewalk
server>:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}'
/root/ssl-build
I have RHN-ORG-PRIVATE-SSL-KEY and RHN-ORG-TRUSTED-SSL-CERT, but I don't have a
rhn-ca-openssl.cnf file. If I try to install without that file I get the
following error:
ERROR: can't find a file that should have been created during an earlier step:
/root/ssl-build/rhn-ca-openssl.cnf
So, I tried creating one using the rhn-ssl-tool command:
rhn-ssl-tool --gen-ca --password=MY_CA_PASSWORD --dir="/root/ssl-build" \
--set-state="North Carolina" --set-city="Raleigh" --set-org="Example Inc." \
--set-org-unit="SSL CA Unit"
However, this did not work. I get the following error:
ERROR: web server's SSL certificate generation/signing failed:
Using configuration from /root/ssl-build/rhn-ca-openssl.cnf
CA certificate and CA private key do not match
139757325297480:error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch:x509_cmp.c:331:
Any way to get around this error? Can I create the rhn-ca-openssl.cnf file
from the existing cert?
Thank you.
Daryl
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
