Oh glad to hear it. Yes, I generated my CSR for SW on the server so it just worked as documented for the most part.
--Matthew Wilkinson -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Eric Sent: Thursday, June 08, 2017 14:27 To: [email protected] Subject: Re: [Spacewalk-list] More Spacewalk 26 Certificate Problems....can't get 3rd party cert to work with osa-dispatcher and jabber [This is an external email. Be cautious with links, attachments and responses.] ********************************************************************** SUCCESS! Ok, so the main issue is that all of the available docs "assume" that the CSR is generated on the Spacewalk server, which is not always the case. Since we use a tool for our company, and you do the CSR on the tool itself....you have to download that in addition to the cert. You also have to use the private key. So the additional steps in my case were: retrieve the CSR and copy it to /root/ssl-build/<hostname>/server.csr retrieve the .key file, use openssl rsa to strip the password out, and copy it to /root/ssl-build/<hostname>/server.key In addition, these steps in the Redhat doc break osa-dispatcher: # cp /etc/httpd/conf/ssl.key/server.key /etc/jabberd/server.pem # cat /etc/httpd/conf/ssl.crt/server.crt >> /etc/jabberd/server.pem # cp /etc/jabberd/server.pem /etc/pki/spacewalk/jabberd/server.pem Do NOT do those steps. With the exception of the additional steps I did regarding the key and csr, I followed the current Spacewalk 2.6 Oracle document linked to previously. Thanks everybody for the help! On Thursday 08 June 2017 09:12:23 David Hrbáč wrote: > Avi, > > I realised meanwhile. Thanks fro sharing. It helped with our CA. > > Thanks, > DH > > 2017-06-07 21:36 GMT+02:00 Avi Miller > <https://urldefense.proofpoint.com/v2/url?u=http-3A__avi.miller-40oracle.com&d=DwIGaQ&c=GUDVeAVg1gjs_GJkmwL1m3gEzDND7NeJG5BIAX_2yRE&r=zxSMv3Yyn0u8GiLjBm805qsHQ-PQnlWklaJFaNwJsRdou0Rx32Ld6bt57-Tq1kdA&m=XiHUGAX-77yDfGLzeS2obq175y6YjXuOhVGgPJiDSTw&s=40qPDqZ4jl4w6GPdweUVFVv5ii6dI-e5OdpdsivCogE&e= > >: > > Hi, > > > > On 8 Jun 2017, at 5:30 am, David Hrbáč <[email protected]> wrote: > > > > Interesting reading is also here > > https://urldefense.proofpoint.com/v2/url?u=https-3A__omg.dje.li_2017_&d=DwIGaQ&c=GUDVeAVg1gjs_GJkmwL1m3gEzDND7NeJG5BIAX_2yRE&r=zxSMv3Yyn0u8GiLjBm805qsHQ-PQnlWklaJFaNwJsRdou0Rx32Ld6bt57-Tq1kdA&m=XiHUGAX-77yDfGLzeS2obq175y6YjXuOhVGgPJiDSTw&s=PcgsFHLsCO8rB3DqZkzNkh-VjppHZDM6gVWHJ08B0jE&e= > > > > 04/using-lets-encrypt-ssl-certificates-with-spacewalk/ > > > > > > Glad you like it, that’s my personal blog. :) > > > > Cheers, > > Avi > > > > -- > > Oracle <http://www.oracle.com> > > Avi Miller | Product Management Director | +61 (3) 8616 3496 > > <+61%203%208616%203496> > > Oracle Linux and Virtualization > > 417 St Kilda Road, Melbourne, Victoria 3004 Australia > > > > > > _______________________________________________ > > Spacewalk-list mailing list > > [email protected] > > https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
