Spacewalk 2.6 on CentOS7
Registering client: CentOS6.8
trying to register CentOS client with
# rhnreg_ks --serverUrl=https://YourSpacewalk.example.org/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=<key-with-rhel-custom-channel>
Errors with:
The SSL certificate Failed Verification
up2date error reads
File "/usr/lib/python2.6/site-packages/rhn/SSL.py", line 230, in write sent =self._connection.send(data)
<class 'up2date_client.up2dateErrors.SSLCertificateVerifyFailedError'>
Things I've tried:
-
Verified Time/date on client and server
-
Disabled firewalld on server
-
tested https connection with firefox on client to spacewalk server
Edit: noteworthy info (possibly)
When I imported the ssl certificate earlier with the following:
# rpm -Uvh http://YourSpacewalk.example.com/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
it successfully imported but also gave a warning: The dynamic CA configuration feature is in the disabled state.
Not sure if this warning is related to my issue.
EDIT2: Browsed out to http://YourSpacewalk.example.com/pub/ and noticed there was another SSL cert labled rhn-org-trusted-ssl-cert-1.0-2 so I modified the above command to reflect the new file.
Once done, I ran the rhnreg_ks command and it successfully connected!
I forgot that I had Spacewalk setup before and had to reinstall spacewalk from the start due to some errors and corrupt files which created a new SSL cert appending the name with a 1.0-2 instead of replacing 1.0-1
Best Answer
Getting same issue, replacing rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm with rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm did the trick. Thank you!