Hi, > On 8 Jun 2017, at 8:56 am, Avi Miller <[email protected]> wrote: > > So, my advice is to find the Root CA chain for your Venafi-provided > certificates and create a full chain certificate as outlined in my Let’s > Encrypt blog to see if that works.
More detail: the full chain needs to be provided in RHN-ORG-TRUSTED-SSL-CERT and that must be copied across to /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT because that’s where osa-dispatcher is configured to look by default in /etc/rhn/rhn.conf: osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT This is the CA chain file and is used to validate the certificate presented by the Spacewalk web services. In self-signed mode, Spacewalk includes the CA certificate of the Spacewalk server, but this needs to be manually provided when you replace them. This is documented in our procedure in step 3, which specifies that you need to create the full chain, including all root and intermediate CA certificates, in order from the root down. Cheers, Avi -- Oracle <http://www.oracle.com> Avi Miller | Product Management Director | +61 (3) 8616 3496 Oracle Linux and Virtualization 417 St Kilda Road, Melbourne, Victoria 3004 Australia _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
