On 2 November 2017 at 08:47:00 CET, "Vipul Sharma (DevOps)" <[email protected]> wrote:
>Hi,
>
>I imported the new keyfile downloaded from Red-Hat -
>
>*gpg: key FD431D51: public key "Red Hat, Inc. (release key 2) <[email protected]>" imported
>gpg: Total number processed: 1
>gpg: imported: 1 (RSA: 1)*
>
>But, If we run gpg --list-keys - It shows me 2 different versions of that,
>What's that about, Any ideas?
>
>*pub 1024D/F24F1B08 2002-04-23 [expired: 2004-04-22]
>uid Red Hat, Inc (Red Hat Network) <[email protected]>
>pub 4096R/FD431D51 2009-10-22
>uid Red Hat, Inc. (release key 2) <[email protected]>*
>
>Also, I checked ca-bundle.crt, I found no chain for Red-Hat over there -
>
>Thanks
>Vipul
>
>On Thu, Nov 2, 2017 at 12:58 PM, Robert Paschedag <[email protected]> wrote:
>
>> On 2 November 2017 at 08:24:10 CET, "Vipul Sharma (DevOps)" <[email protected]> wrote:
>> >I have tested 2 different URL'S -
>> >
>> >*This one was from your article -*
>> >
>> >curl -v https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml
>> >* About to connect() to cdn.redhat.com port 443 (#0)
>> >* Trying 2.16.30.83...
>> >* Connected to cdn.redhat.com (2.16.30.83) port 443 (#0)
>> >* Initializing NSS with certpath: sql:/etc/pki/nssdb
>> >* CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> > CApath: none
>> >* Server certificate:
>> >* subject: CN=cdn.redhat.com,OU=Red Hat Network,O=Red Hat,L=Raleigh,ST=North Carolina,C=US
>> >* start date: May 14 19:48:02 2014 GMT
>> >* expire date: May 11 19:48:02 2024 GMT
>> >* common name: cdn.redhat.com
>> >* issuer: [email protected],CN=Red Hat Entitlement Operations Authority,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US
>> >* *NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)*
>> >* Peer's certificate issuer has been marked as not trusted by the user.
>> >* Closing connection 0
>> >curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
>> >
>> >-----------------------------------------------------------
>> >
>> >*This is from Google-Cloud - Pretty much the same result -*
>> >
>> >curl -v https://cds.rhel.updates.googlecloud.com/pulp/mirror/content/dist/rhel/rhui/server/7/7Server/x86_64/os/repodata/repomd.xml
>> >* About to connect() to cds.rhel.updates.googlecloud.com port 443 (#0)
>> >* Trying 23.236.57.179...
>> >* Connected to cds.rhel.updates.googlecloud.com (23.236.57.179) port 443 (#0)
>> >* Initializing NSS with certpath: sql:/etc/pki/nssdb
>> >* CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> > CApath: none
>> >* Server certificate:
>> >* subject: CN=cds.rhel.updates.googlecloud.com,OU=SomeOrgUnit,O=SomeOrg,ST=North Carolina,C=US
>> >* start date: Sep 23 05:18:30 2017 GMT
>> >* expire date: Sep 25 05:18:30 2037 GMT
>> >* common name: cds.rhel.updates.googlecloud.com
>> >* issuer: CN=RHUI Certificate Authority,OU=SomeOrgUnit,O=SomeOrg,L=Raleigh,ST=North Carolina,C=US
>> >* *NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)*
>> >* Peer's certificate issuer has been marked as not trusted by the user.
>> >* Closing connection 0
>> >curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
>> >
>> >Thanks
>> >
>> >On Thu, Nov 2, 2017 at 12:36 PM, Robert Paschedag <[email protected]> wrote:
>> >
>> >> On 2 November 2017 at 07:29:16 CET, "Vipul Sharma (DevOps)" <[email protected]> wrote:
>> >> >In spacewalk, I had to manually create this file -->
>> >> >*file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release*, & then copy/pasted the
>> >> >KEY from RHEL server to this location in Spacewalk server.
>> >> >
>> >> >Some Doubts :-
>> >> >
>> >> >Does this require importing this file ??
>> >> >
>> >> >I'm running spacewalk without CA certified certificate, Does that impact
>> >> >the overall config for RHEL Repo in Spacewalk.
>> >> >
>> >> >Thanks
>> >> >Vipul
>> >> >
>> >> >On Thu, Nov 2, 2017 at 11:49 AM, Robert Paschedag <[email protected]> wrote:
>> >> >
>> >> >> On 2 November 2017 at 05:13:12 CET, "Vipul Sharma (DevOps)" <[email protected]> wrote:
>> >> >> >Hi Michael,
>> >> >> >
>> >> >> >We are using registered system through 'Google-Cloud' - I have copied
>> >> >> >everything very carefully from RHEL.repo into spacewalk, Including all the
>> >> >> >.cert & .pem files.
>> >> >> >
>> >> >> >Just unable to figure out what's wrong with it for the time being -
>> >> >> >
>> >> >> >Thanks
>> >> >> >
>> >> >> >On Wed, Nov 1, 2017 at 5:36 PM, Michael Mraka <[email protected]> wrote:
>> >> >> >
>> >> >> >> Vipul Sharma (DevOps):
>> >> >> >> > Hi Robert,
>> >> >> >> >
>> >> >> >> > I need your 'HELP' - I went according to your configuration for downloading
>> >> >> >> > RHEL repos into 'Spacewalk' - But, I'm facing some issues while doing
>> >> >> >> > that, Can you be humble enough to take a look into my issue --
>> >> >> >> >
>> >> >> >> > *This is the error -*
>> >> >> >> >
>> >> >> >> > 10:01:26 | Channel: rhel-base
>> >> >> >> > 10:01:26 ======================================
>> >> >> >> > 10:01:26 Sync of channel started.
>> >> >> >> > 10:01:26 Repo URL: https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os
>> >> >> >> > 10:01:27 ERROR: failure: repodata/repomd.xml from content_dist_rhel_server_7_7Server_x86_64_os: [Errno 256] No more mirrors to try.
>> >> >> >> > *https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml:
>> >> >> >> > [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."*
>> >> >> >> > 10:01:27 Sync of channel completed in 0:00:00.
>> >> >> >> > 10:01:27 Total time: 0:00:00
>> >> >> >> >
>> >> >> >> > ---------------------------------------------
>> >> >> >> >
>> >> >> >> > My Spacewalk server is running unauthorized CA-CERT, Is this because of
>> >> >> >> > that ?
>> >> >> >>
>> >> >> >> You need a proper Red Hat Subscription to be able to download Red Hat
>> >> >> >> content from CDN.
>> >> >> >>
>> >> >> >> Regards,
>> >> >> >>
>> >> >> >> --
>> >> >> >> Michael Mráka
>> >> >> >> System Management Engineering, Red Hat
>> >> >> >>
>> >> >> >> _______________________________________________
>> >> >> >> Spacewalk-list mailing list
>> >> >> >> [email protected]
>> >> >> >> https://www.redhat.com/mailman/listinfo/spacewalk-list
>> >> >>
>> >> >> For me, this sounds as one of the "signing" CA of RedHat's servers is not
>> >> >> trusted by "you".
>> >> >>
>> >> >> Robert
>> >> >>
>> >>
>> >> Please try to curl the URL.
>> >>
>> >> curl -vv -1 https://....
>> >>
>> >> See the same error?
>> >>
>> >> Robert
>> >>
>>
>> You have to get the "issuer" certs from RedHat (download from web?) and
>> add it to your trusted CA store
>> Robert
>>

The gpg key is not the problem right now.... The SSL chain cannot be built and verified. You have to get that fixed first.

Robert

_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
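
The two `curl -v` traces quoted in this thread fail with the same NSS error but name different issuers, so each repository host needs its own CA added to the trust store. As an added example (not part of the thread and not Spacewalk code), this Python sketch parses curl's NSS verbose output and groups hosts by the issuer that the CA file lacked; the sample log is constructed by trimming the quoted traces, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed from the two curl -v traces quoted in the thread
# (DNs shortened, other trace lines omitted).
SAMPLE_LOG = """\
* Connected to cdn.redhat.com (2.16.30.83) port 443 (#0)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
*   issuer: CN=Red Hat Entitlement Operations Authority,OU=Red Hat Network,O="Red Hat, Inc.",C=US
* NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
* Connected to cds.rhel.updates.googlecloud.com (23.236.57.179) port 443 (#0)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
*   issuer: CN=RHUI Certificate Authority,OU=SomeOrgUnit,O=SomeOrg,L=Raleigh,C=US
* NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
"""

# The optional second "*" tolerates bold markers added by mail clients.
FIELD = re.compile(r"^\*\s+\*?(Connected to|CAfile:|issuer:|NSS error)\s*(.*)$")

def common_name(dn):
    # CN attribute of a comma-separated DN, or the whole DN if it has none.
    m = re.search(r"(?:^|,)CN=([^,]+)", dn)
    return m.group(1) if m else dn

def parse_curl_nss(log):
    """Return one record per connection seen in curl -v (NSS backend) output."""
    attempts, cur = [], None
    for line in log.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, rest = m.group(1), m.group(2).strip()
        if key == "Connected to":
            cur = {"host": rest.split()[0], "cafile": None, "issuer": None, "error": None}
            attempts.append(cur)
        elif cur is None:
            continue  # field seen before any connection line
        elif key == "NSS error":  # keep the symbolic name in parentheses
            code = re.search(r"\((\w+)\)", rest)
            cur["error"] = code.group(1) if code else rest
        else:  # "CAfile:" or "issuer:" -> "cafile" / "issuer"
            cur[key.rstrip(":").lower()] = rest
    return attempts

def missing_issuers(log):
    """Group hosts by (untrusted issuer CN, CA file that lacked it)."""
    need = defaultdict(list)
    for a in parse_curl_nss(log):
        if a["error"] == "SEC_ERROR_UNTRUSTED_ISSUER":
            need[(common_name(a["issuer"] or "?"), a["cafile"])].append(a["host"])
    return dict(need)
```
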
