Hi, > On 8 Jun 2017, at 7:35 am, Eric <[email protected]> wrote: > > Avi, > > Still not working. I followed the Oracle document for 2.6 > (https://docs.oracle.com/cd/E52668_01/E85212/html/sw22-replace-cert.html) > exactly...........and still get the same exact error.
We’ve tested this process several times (and do it for every release) so I’m concerned this is not working for you. > > In your blog, you have this: > > # cd /root/ssl-build/<hostname>/ > # mv server.crt server.crt.self-signed > # mv server.key server.key.self-signed > # ln -s /etc/letsencrypt/live/<fqdn>/fullchain.pem server.crt > # ln -s /etc/letsencrypt/live/<fqdn>/privkey.pem server.key > > Neither the Oracle doc nor the Redhat doc makes ANY mention of the server.key > file. Correct, because neither we nor them consider the Let’s Encrypt use case, which does auto-updating. My blog outlines how to connect Spacewalk to the Let’s Encrypt certificates. This is not something that’s necessary with 3rd-party (CA signed) certificates. In this case, there is additional work to be done so that the regularly-updated Let’s Encrypt certificates are used and Spacewalk always points to the latest certificate, as updated by certbot. > I'm really at a loss with this. In literally days of searching for > information on this.....I cannot find a single instance of somebody actually > successfully getting osa-dispatcher and jabber running after moving to a CA > signed certificate, just tons of posts with the same errors I'm getting > asking > for help...but I cannot find any resolution....it seems that everybody has > given up and just stayed with self signed certs. All of my setups use CA signed certificates. All our internal instances do too. My personal setup uses the Let’s Encrypt configuration documented in my blog, while my corporate instance uses a certificate provided by our Managed PKI system. Both instances are running jabberd/osa without any issues at all. In fact, both setups have also switched the jabberd database to PostgresSQL (personal setup) and SQLite (corporate). I have lots of customers using either internally PKI-signed or externally CA signed certificates with their Spacewalk instances and all followed our documentation. All are working fine too. Cheers, Avi -- Oracle <http://www.oracle.com> Avi Miller | Product Management Director | +61 (3) 8616 3496 Oracle Linux and Virtualization 417 St Kilda Road, Melbourne, Victoria 3004 Australia _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
