Sam,
Unfortunately, this did not resolve my issue. I still get the exact same error:
ERROR: can't find a file that should have been created during an earlier step:
/root/ssl-build/rhn-ca-openssl.cnf
I tried the --force-own-ca option on the command line, as well as
"FORCE_OWN_CA" in an answers file.
Any other suggestions?
Thank you.
Daryl
________________________________
From: [email protected] <[email protected]> on
behalf of Sam Sen <[email protected]>
Sent: Thursday, May 5, 2016 9:20 AM
To: [email protected]
Subject: Re: [Spacewalk-list] [EXT] Issues with proxy and certificates
Yeah I never understood why you would need to sign the CA against the parent
server. I spent days trying to get it to work but luckily I found the thread I
pasted in the previous email. It's been working real well so I'm assuming all
is well.
On May 5, 2016, at 10:16 AM, Daryl Rose
<[email protected]> wrote:
Sam,
I saw that option in the help, but didn't understand what it meant. I'll give
that a try.
Thank you very much for the reply and the help.
Daryl
________________________________
From: [email protected] <[email protected]> on
behalf of Sam Sen <[email protected]>
Sent: Thursday, May 5, 2016 8:15 AM
To: [email protected]
Subject: Re: [Spacewalk-list] [EXT] Issues with proxy and certificates
I ran into a similar issue. I ended up using the "-force-own-ca" flag.
https://www.redhat.com/archives/spacewalk-list/2011-December/msg00147.html
On May 5, 2016, at 8:53 AM, Daryl Rose
<[email protected]> wrote:
I am trying to stand up a proxy server. However, I am having issues with the
certificate.
I am using a CA signed certificate on the primary SW server. Proxy installation
prompts me to copy over three certificate items from the primary SW server.
[root@ ssl-build]# configure-proxy.sh
Using RHN parent (from /etc/sysconfig/rhn/up2date): <spacewalk server>
Using CA Chain (from /etc/sysconfig/rhn/up2date):
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Please do copy your CA key and public certificate from <spacewalk server> to
/root/ssl-build directory. You may want to execute this command:
scp 'root@<spacewalk
server>:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}'
/root/ssl-build
I have RHN-ORG-PRIVATE-SSL-KEY and RHN-ORG-TRUSTED-SSL-CERT, but I don't have a
rhn-ca-openssl.cnf file. If I try to install without that file I get the
following error:
ERROR: can't find a file that should have been created during an earlier step:
/root/ssl-build/rhn-ca-openssl.cnf
So, I tried creating one using the rhn-ssl-tool command:
rhn-ssl-tool --gen-ca --password=MY_CA_PASSWORD --dir="/root/ssl-build" \
--set-state="North Carolina" --set-city="Raleigh" --set-org="Example Inc." \
--set-org-unit="SSL CA Unit"
However, this did not work. I get the following error:
ERROR: web server's SSL certificate generation/signing failed:
Using configuration from /root/ssl-build/rhn-ca-openssl.cnf
CA certificate and CA private key do not match
139757325297480:error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch:x509_cmp.c:331:
Any way to get around this error? Can I create the rhn-ca-openssl.cnf file
from the existing cert?
Thank you.
Daryl
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
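Added example (not part of the original thread or of Spacewalk's own tooling): the "key values mismatch" error quoted above is raised by OpenSSL's X509_check_private_key when the public key in the certificate differs from the one derived from the private key, and the same comparison can be made by hand before running the installer. The function names, the CA_KEY_PASS variable and the throwaway ca-a/ca-b files are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Compare the public key inside an X.509 certificate with the public key
# derived from a private key. Names below are hypothetical, not Spacewalk's.

# Print the certificate's public key (PEM). Fails if the file is unreadable.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Print the private key's public half (PEM). The passphrase is taken from
# CA_KEY_PASS so it never appears on the command line; an empty value makes
# an encrypted key fail instead of prompting.
key_pubkey() {
    CA_KEY_PASS="${CA_KEY_PASS:-}" \
        openssl pkey -in "$1" -passin env:CA_KEY_PASS -pubout 2>/dev/null
}

# Return 0 if cert and key belong together, 1 on mismatch, 2 if either
# file cannot be parsed (missing, wrong passphrase, not PEM).
ca_pair_matches() {
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample data: a throwaway self-signed CA named $2 in directory $1.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir" ca-a
make_demo_ca "$demo_dir" ca-b

if ca_pair_matches "$demo_dir/ca-a.crt" "$demo_dir/ca-a.key"; then
    echo "ca-a.crt / ca-a.key: match"
fi
if ! ca_pair_matches "$demo_dir/ca-a.crt" "$demo_dir/ca-b.key"; then
    echo "ca-a.crt / ca-b.key: mismatch (signing with this pair would fail)"
fi
rm -rf "$demo_dir"

# Against the files named in the thread (passphrase supplied by the operator):
#   CA_KEY_PASS='...' ca_pair_matches \
#       /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT \
#       /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY
```

If the certificate file holds a chain, openssl x509 reads only the first certificate in it.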