2

Spacewalk 2.6 on CentOS7

Registering client: CentOS6.8

trying to register CentOS client with 

# rhnreg_ks --serverUrl=https://YourSpacewalk.example.org/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=<key-with-rhel-custom-channel>

Errors with: The SSL certificate Failed Verification

up2date error reads

File "/usr/lib/python2.6/site-packages/rhn/SSL.py", line 230, in write sent =self._connection.send(data)
<class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>

Things I've tried:

  1. Verified Time/date on client and server

  2. Disabled firewalld on server

  3. tested https connection with firefox on client to spacewalk server

Edit: noteworthy info (possibly)

When I imported the ssl certificate earlier with the following:

# rpm -Uvh http://YourSpacewalk.example.com/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm

it successfully imported but also gave a warning: The dynamic CA configuration feature is in the disabled state.

Not sure if this warning is related to my issue.

EDIT2: Browsed out to http://YourSpacewalk.example.com/pub/ and noticed there was another SSL cert labled rhn-org-trusted-ssl-cert-1.0-2 so I modified the above command to reflect the new file.

Once done, I ran the rhnreg_ks command and it successfully connected! I forgot that I had Spacewalk setup before and had to reinstall spacewalk from the start due to some errors and corrupt files which created a new SSL cert appending the name with a 1.0-2 instead of replacing 1.0-1

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
KenPC
  • 21
  • 1
  • 4
  • 1
    Please don't edit your solution into the question. Instead, post it as an answer and accept it to mark the question as "solved" in the system. It is perfectly fine to accept your own answer. – Gerald Schneider Aug 03 '17 at 13:20

1 Answers1

1

Getting same issue, replacing rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm with rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm did the trick. Thank you!

Dmitry G
  • 41
  • 3