Bug 1037884

Summary: Export server SSL cert from client
Product: Red Hat Enterprise MRG Reporter: Joshua Wulf <jwulf>
Component: Messaging_Installation_and_Configuration_GuideAssignee: Joshua Wulf <jwulf>
Status: CLOSED NOTABUG QA Contact: Petr Matousek <pematous>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.0CC: jwulf, lcarlon, lzhaldyb, pematous
Target Milestone: 3.0   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Build Name: 18173, Messaging Installation and Configuration Guide-3-1 Build Date: 15-11-2013 19:53:21 Topic ID: 13362-446715 [Latest]
Last Closed: 2014-05-19 04:36:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Joshua Wulf 2013-12-04 01:46:40 UTC 
Title: Export an SSL Certificate for Clients

there is an easier way for clients to collect the ssl cert directly from the server:

openssl s_client -connect $QPID_SERVER:5671 | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > myservercert.pem

e.g.
openssl s_client -connect qpid.test.engineering.redhat.com:5671 | sed
-n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' >
qpid.test.engineering.redhat.com.crt
Comment 1 Joshua Wulf 2014-04-01 20:28:33 UTC 
Thanks for the suggestion!

Incorporated: 

http://deathstar1.usersys.redhat.com:3000/builds/18173-Messaging_Installation_and_Configuration_Guide/index.html#Export_an_SSL_Certificate_for_Clients
Comment 2 Petr Matousek 2014-05-06 12:22:18 UTC 
Joshua, I don't understand the purpose of this bugzilla. The command mentioned in Comment 0 will acquire the server's certificate _NOT_ the client's certificate (but obtaining the server's certificate is done automatically when establishing the SSL connection with the server).

What the command above do is:
The openssl client tries to establish a SSL connection with the server, The server certificate is sent to the client and saved to a file regardless whether the connection was successful or not.

What is the purpose of obtaining the server's certificate? I believe that there is no reason to manually obtain the server's certificate. As mentioned above, this is done automatically on establishing the SSL connection.

Anyway, this content is definitely not related to the chapter where it is listed (Export an SSL Certificate for Clients).
Comment 3 Joshua Wulf 2014-05-13 23:50:39 UTC 
That makes sense to me. I've removed this content.

http://deathstar1.usersys.redhat.com:3000/builds/18173-Messaging_Installation_and_Configuration_Guide/#Export_an_SSL_Certificate_for_Clients
Comment 4 Petr Matousek 2014-05-14 14:50:22 UTC 
Content removal verified. The result is that no content was added, thus I'n suggesting to CLOSE NOTABUG. Joshua do you agree?
Comment 5 Joshua Wulf 2014-05-19 04:36:29 UTC 
I agree.