Bug 461270
Summary: | replace spacewalk-ssl-cert-check with certwatch | ||||||
---|---|---|---|---|---|---|---|
Product: | [Community] Spacewalk | Reporter: | Jesus M. Rodriguez <jesusr> | ||||
Component: | Server | Assignee: | Jan Pazdziora <jpazdziora> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Red Hat Satellite QA List <satqe-list> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 0.2 | CC: | cperry, jpazdziora, rssjames | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2010-08-19 08:24:00 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 585232 | ||||||
Attachments: |
|
Description
Jesus M. Rodriguez
2008-09-05 13:24:08 UTC
Created attachment 315907 [details]
Trival patch to require crypto-utils instead of spacewalk-ssl-cert-check
Taking. It seems to be actually pretty easy to change the email destination to be the Satellite administrator, with export CERTWATCH_OPTS="--address $( spacewalk-cfg-get traceback_mail )" line in /etc/sysconfig/httpd. The bigger problem is that the email then is From: root <root.com> To: admin Subject: The certificate for vmware145.example.com will expire in 2 days ################# SSL Certificate Warning ################ Certificate for hostname 'vmware145.example.com', in file: /etc/pki/tls/certs/spacewalk.crt The certificate needs to be renewed; this can be done using the 'genkey' program. Browsers will not be able to correctly connect to this web site using SSL until the certificate is renewed. ########################################################## Generated by certwatch(1) which is certainly an improvement to our current From: root <root.com> To: admin Subject: /usr/share/ssl/ssl-cert-check: Certificate for FILE will expire in 60-days or less The SSL certificate for FILE will expire on Apr 22 12:32:49 2036 GMT which does not state the hostname nor the file name in the email body. However, the email text generated by certwatch recommends to use genkey to renew the certificate. We most probably want to recommend rhn-ssl-tool ... but there is no way to change the text produced by certwatch via some parameters, and the output is piped directly to sendmail. So it looks like we'll still have to have our own package anyway, probably duplicating the certwatch job script. Done in Spacewalk master, 78291f1becc421fb431ad200b776b58821fe93dc. Tagged as spacewalk-ssl-cert-check-2.0-1. The package was built and is in the nightly repo. Please give it a try -- it can be installed on Spacewalk 1.0 as well. Spacewalk 1.1 has been released. |