Re: [Spacewalk-list] Re-generating Spacewalk certs?

[Fouts, Christopher]

serverURL=https://td-spacewalk.mycompany.com/XMLRPC

…which matches the CN in the cert

Chris

From: <spacewalk-list-boun...@redhat.com> on behalf of "Fouts, Christopher" 
<christopher.fo...@teradata.com>
Reply-To: "spacewalk-list@redhat.com" <spacewalk-list@redhat.com>
Date: Thursday, June 1, 2017 at 2:29 PM
To: "spacewalk-list@redhat.com" <spacewalk-list@redhat.com>
Subject: Re: [Spacewalk-list] Re-generating Spacewalk certs?

I regenerated my certs using a different common name (td-spacewalk.company.com) 
other than the hostname b/c AWS uses ip-10-xx-xx-xx.ec2.internal as hostnames. 
Now I get this when I start osa-dispatcher on my Spacewalk server

2017/06/01 18:08:45 -00:00 12027 0.0.0.0: osad/jabber_lib.print_message('Could 
not connect to jabber server', 'ip-xx.xx.xx.ec2.internal')

I updated the /etc/jabberd/sm.xml,c2s.xml files

I restarted jabberd

I reran spacewalk-setup-jabberd

/etc/pki/spacewalk/server.pem contains the correct cert.


Chris


From: <spacewalk-list-boun...@redhat.com> on behalf of "Fouts, Christopher" 
<christopher.fo...@teradata.com>
Reply-To: "spacewalk-list@redhat.com" <spacewalk-list@redhat.com>
Date: Wednesday, May 31, 2017 at 4:14 PM
To: "spacewalk-list@redhat.com" <spacewalk-list@redhat.com>
Subject: Re: [Spacewalk-list] Re-generating Spacewalk certs?

Thanks! I’ll be testing all these ideas.

Chris

From: <spacewalk-list-boun...@redhat.com> on behalf of Dimitri Yioulos 
<dyiou...@netatlantic.com>
Reply-To: "spacewalk-list@redhat.com" <spacewalk-list@redhat.com>
Date: Wednesday, May 31, 2017 at 4:12 PM
To: "spacewalk-list@redhat.com" <spacewalk-list@redhat.com>
Subject: Re: [Spacewalk-list] Re-generating Spacewalk certs?

Also remember that “serverURL=” in the up2date file must match the CN.


From: spacewalk-list-boun...@redhat.com 
[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of William H. ten Bensel
Sent: Wednesday, May 31, 2017 4:03 PM
To: spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Re-generating Spacewalk certs?

I believe this can be done:

Linux 6: update /etc/hosts, /etc/sysconfig/network and hostname with what you 
want it to be.
Linux 7: update /etc/hosts and /etc/hostname

Then regenerate the SSL.


- Thanks and good luck



From:        "Fouts, Christopher" 
<christopher.fo...@teradata.com<mailto:christopher.fo...@teradata.com>>
To:        "spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>" 
<spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>>
Date:        05/31/2017 02:55 PM
Subject:        Re: [Spacewalk-list] Re-generating Spacewalk certs?
Sent by:        
spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>
________________________________



This email originated from outside of the company. Please use discretion if 
opening attachments or clicking on links.
________________________________

Thanks. I believe that spacewalk-setup just calls the rhn-ssl.

For AWS instances, hostname is usually ip-10-xx-xx-xx.ec2.instance for example. 
I do however, put a load balancer in front of my AWS instance, and create a 
Route 53 CNAME, for exmpale, td-spacewalk.company.com. I want the Certs to have 
the td-spacewalk.company.com as CN, instead of ip-10-xx-xx-xx.ec2.instance.

Chris

From: 
<spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com>> 
on behalf of Dimitri Yioulos 
<dyiou...@netatlantic.com<mailto:dyiou...@netatlantic.com>>
Reply-To: "spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>" 
<spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>>
Date: Wednesday, May 31, 2017 at 3:30 PM
To: "spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>" 
<spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>>
Subject: Re: [Spacewalk-list] Re-generating Spacewalk certs?

Chris,

1.      I think you can use rhn-ssl to generate the new cert.  See  
https://access.redhat.com/solutions/10809.
2.      CN should be the fqdn of your spacewalk server.

HTH

Dimitri

From: 
spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> 
[mailto:spacewalk-list-boun...@redhat.com] On Behalf Of Fouts, Christopher
Sent: Wednesday, May 31, 2017 2:41 PM
To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com>
Subject: [Spacewalk-list] Re-generating Spacewalk certs?

I have two questions regaring SW certs?
1.                  How can I regenerate certs, just by running 
spacewalk-setup, and simply don’t touch the DB?
2.                  If using an answer file, how do I set the common name (CN)?

Thanks,
ChrisThis email originated from outside of the company.  Please use discretion 
if opening attachments or clicking on links.

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com<mailto:Spacewalk-list@redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list



**



This email and any attachments may contain information that is confidential 
and/or privileged for the sole use of the intended recipient. Any use, review, 
disclosure, copying, distribution or reliance by others, and any forwarding of 
this email or its contents, without the express permission of the sender is 
strictly prohibited by law. If you are not the intended recipient, please 
contact the sender immediately, delete the e-mail and destroy all copies.

**

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list