On Friday, August 25, 2017 1:47:13 PM CEST Emgee King (WLT GB) wrote: > The setup generates the ssl certificate for use, but is insecure: " Your > connection is not secure" > Since we are using an internal domain > "spacewalk-live.internal", access to this server is only accessible via VPN > anyway. So I don't see the need for an insecure ssl cert.
Famous last words :-) It would be better to: 1) add an exception to your web browser, so it's not going to bother you with "insecure" messages anymore. You will still have an "insecure" icon in the web browser's address bar, though. 2) If you did a standard SW install, check the ~/ssl-build directory on your SW server. You should find certs and keys there. Find the "RHN-ORG-TRUSTED- SSL-CERT" file, and import it into your web browser. Your connection to the SW server is secure now (green padlock and all). The certificate at "https://<sw-server-fqdn>/pub/RHN-ORG-TRUSTED-SSL-CERT" is the same one. 3) Setup a proper certificate for your SW server. Example for Let's Encrypt can be found here: https://omg.dje.li/2017/04/using-lets-encrypt-ssl-certificates-with-spacewalk/ If you want to use your own CA, modify the process accordingly. Any of these three solutions is much much better (and easier - maybe except the last one), than circumventing your SW server security. -- Radovan > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Radovan Drazny > Sent: Friday, August 25, 2017 12:57 PM > To: [email protected] > Subject: Re: [Spacewalk-list] Webui to use http not https? > > On Friday, August 25, 2017 12:39:18 PM CEST Emgee King (WLT GB) wrote: > > I've got Spacewalk 2.6 setup with 226 Ubuntu precise and trusty systems. > > Registration is working over SSL, but what changes are required to > > have the WebUI use https instead of https? > > > > Does anyone have any thoughts? > > > > > > GOGREEN Climate Protection with DHL: please consider your > > environmental responsibility before printing this email. > > > > This email is intended exclusively for the individual or entity to > > which it is addressed. This communication may contain information that > > is proprietary, privileged or confidential. If you are not the named > > addressee, you are not authorized to read, print, retain, copy or > > disseminate this message or any part of it. If you have received this > > message in error, please notify the sender immediately by email and > > delete all copies of the message. > > > > _______________________________________________ > > Spacewalk-list mailing list > > [email protected] > > https://www.redhat.com/mailman/listinfo/spacewalk-list > > What is your motivation for accessing WebUI using http? Because I don't > think it is a good idea. > > -- > Radovan > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list > > > GOGREEN Climate Protection with DHL: please consider your environmental > responsibility before printing this email. > > This email is intended exclusively for the individual or entity to which it > is addressed. This communication may contain information that is > proprietary, privileged or confidential. If you are not the named > addressee, you are not authorized to read, print, retain, copy or > disseminate this message or any part of it. If you have received this > message in error, please notify the sender immediately by email and delete > all copies of the message. > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list -- Radovan Dražný [email protected] Satellite 5 QE Team _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
