On your spacewalk server you can check the cert:
openssl verify -CAfile /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT /etc/pki/spacewalk/jabberd/server.pem
You can also verify if your server name matches the certificate name by running the spacewalk rename script.
Before running the command, you need to install the spacewalk-utils package:
yum install spacewalk-utils
spacewalk-hostname-rename x.x.x.x
The Xs are your server's IP address. The script will tell you the name it is reading. Compare that to the file /root/ssl-build/rhn-ca-openssl.cnf. You are looking for cn=.
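The two checks above (chain verification and name comparison) can be combined in one script. This is an added example, not part of the original post: the function names are illustrative, and it compares the certificate's CN with a name you pass in, handling both the old and new `openssl x509 -subject` output formats.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# Read an `openssl x509 -noout -subject` line on stdin and print the CN.
# OpenSSL 1.0.x prints "subject= /C=US/O=Org/CN=host";
# OpenSSL 1.1+ prints  "subject=C = US, O = Org, CN = host".
cert_cn() {
    sed -n 's|^subject=.*CN *= *\([^,/]*\).*$|\1|p'
}

# Normalise a DNS name: lower-case, no surrounding spaces, no trailing dot.
norm_name() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/^ *//; s/ *$//; s/\.$//'
}

# Succeed only when both names are non-empty and equal after normalisation.
names_match() {
    [ -n "$1" ] && [ "$(norm_name "$1")" = "$(norm_name "$2")" ]
}

# Judge `openssl verify` by its text: no "error" line and a final ": OK".
verify_output_ok() {
    printf '%s\n' "$1" | grep -q '^error ' && return 1
    printf '%s\n' "$1" | grep -q ': OK$'
}

# check_cert CA_FILE CERT_FILE EXPECTED_NAME
# Returns 0 when the chain verifies and the CN matches; 1 or 2 otherwise.
check_cert() {
    ca=$1 cert=$2 want=$3
    if ! out=$(openssl verify -CAfile "$ca" "$cert" 2>&1) || ! verify_output_ok "$out"; then
        echo "FAIL: $cert does not verify against $ca" >&2
        return 1
    fi
    cn=$(openssl x509 -noout -subject -in "$cert" | cert_cn)
    if ! names_match "$cn" "$want"; then
        echo "FAIL: certificate CN '$cn' does not match '$want'" >&2
        return 2
    fi
    echo "OK: $cert verifies and its CN matches $want"
}

# Typical call on the Spacewalk server (paths as used in this post):
#   check_cert /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT \
#              /etc/pki/spacewalk/jabberd/server.pem "$(hostname)"
```

If `hostname` returns a short name on your system, pass the fully qualified name that clients use instead.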
Now, assuming the names don't match or you want to change your server name:
RHEL 7
hostnamectl set-hostname newservername
RHEL 6
hostname newname
vim /etc/sysconfig/network
Now verify the new name is working
hostname
Now we need to create new certs.
rhn-ssl-tool --gen-ca --force
rhn-ssl-tool --gen-server
Now you need to install the new certs.
rpm -ivh --force ~/ssl-build/spacewalk/rhn-org-httpd-ssl-key-pair-spacewalk-1.0-2.noarch.rpm
Copy the new files to the Apache folder so the clients can access them:
cp ~/ssl-build/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm /var/www/html/pub/
chown apache /var/www/html/pub/rhn-*
Note: The rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm changed on me. The original was 1.0-1.
Now, even though it's showing everything is right, the spacewalk rename tool won't work until you reboot. So reboot and then run:
spacewalk-hostname-rename x.x.x.x
Then do as you normally would:
rpm -Uvh http://servername.domain.com/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm --force
Note: Notice that I added the --force argument
rhnreg_ks --serverUrl=https://servername.domain.com/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-activationkeyname
Note: If the system is already registered, you must add --force to the rhnreg_ks command.