Bug 624757
Summary: | unable to register to hosted candlepin1 w/ secure mode | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | wes hayutin <whayutin> |
Component: | subscription-manager | Assignee: | Bryan Kearney <bkearney> |
Status: | CLOSED ERRATA | QA Contact: | wes hayutin <whayutin> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 6.1 | CC: | bkearney, jsefler, shaines |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-05-19 13:42:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 568421 |
Description
wes hayutin
2010-08-17 16:41:35 UTC
Not reproducible. I believe the server was not restarted after the certificates were changed. Verifying .... On the IT candlepin server: [root@candlepin1 certs]# hostname candlepin1.devlab.phx1.redhat.com [root@candlepin1 certs]# pwd /etc/candlepin/certs [root@candlepin1 certs]# ls candlepin-ca.crt candlepin-ca-password.txt candlepin-ca.key candlepin-upstream-ca.crt [root@candlepin1 certs]# md5sum candlepin-ca.crt de5ef50453a48a53524aff9bb9af2fcd candlepin-ca.crt On my client: [root@jsefler-rhel6-consumer01 ~]# rpm -q subscription-manager subscription-manager-0.75-1.git.29.c3b1d88.fc12.i386 [root@jsefler-rhel6-consumer01 ~]# mkdir /tmp/certs [root@jsefler-rhel6-consumer01 ~]# cd /tmp/certs [root@jsefler-rhel6-consumer01 certs]# scp root.phx1.redhat.com:/etc/candlepin/certs/candlepin* . The authenticity of host 'candlepin1.devlab.phx1.redhat.com (10.7.12.17)' can't be established. RSA key fingerprint is 7d:93:22:a8:48:d2:31:13:f1:41:48:6c:a8:44:40:41. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'candlepin1.devlab.phx1.redhat.com,10.7.12.17' (RSA) to the list of known hosts. root.phx1.redhat.com's password: candlepin-ca.crt 100% 1017 1.0KB/s 00:00 candlepin-ca.key 100% 891 0.9KB/s 00:00 candlepin-ca-password.txt 100% 7 0.0KB/s 00:00 candlepin-upstream-ca.crt 100% 1017 1.0KB/s 00:00 [root@jsefler-rhel6-consumer01 certs]# md5sum candlepin-ca.crt de5ef50453a48a53524aff9bb9af2fcd candlepin-ca.crt [root@jsefler-rhel6-consumer01 certs]# cat /etc/rhsm/rhsm.conf | grep hostname hostname=candlepin1.devlab.phx1.redhat.com [root@jsefler-rhel6-consumer01 certs]# vi /etc/rhsm/rhsm.conf (FLIP THE FLAG FOR INSECURE TO 0) [root@jsefler-rhel6-consumer01 certs]# cat /etc/rhsm/rhsm.conf | grep insecure # Flip this flag to 1 to Enable insecure mode. insecure=0 [root@jsefler-rhel6-consumer01 certs]# cat /etc/rhsm/rhsm.conf | grep candlepin_ca_file candlepin_ca_file = None [root@jsefler-rhel6-consumer01 certs]# subscription-manager-cli register --username=xeops --password=redhat certificate verify failed FAILED (as expected) [root@jsefler-rhel6-consumer01 certs]# vi /etc/rhsm/rhsm.conf (FLIP THE VALUE FOR CANDLEPIN_CA_FILE TO /tmp/certs/candlepin-ca.crt) [root@jsefler-rhel6-consumer01 certs]# cat /etc/rhsm/rhsm.conf | grep candlepin_ca_file candlepin_ca_file = /tmp/certs/candlepin-ca.crt [root@jsefler-rhel6-consumer01 certs]# subscription-manager-cli register --username=xeops --password=redhat ee2c1013-c872-45eb-8cdd-3f39b3005ac2 xeops SUCCESS [root@jsefler-rhel6-consumer01 ~]# tail -f /var/log/rhsm/rhsm.log 2010-09-08 12:46:36,150 [INFO] __init__() @connection.py:136 - Connection Established: host: candlepin1.devlab.phx1.redhat.com, port: 443, handler: /candlepin 2010-09-08 12:46:36,151 [INFO] __init__() @connection.py:137 - Connection using cert_file: /etc/pki/consumer/cert.pem, key_file: /etc/pki/consumer/key.pem, ca_file: /tmp/certs/candlepin-ca.crt insecure_mode: False SUCCESS: We registered in secure mode with the ca_file: /tmp/certs/candlepin-ca.crt Moving to VERIFIED An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0611.html |