Description of problem:
I created an SSL certificate with an existing CA. Did not use rhn-ssl-tool --gen-ca to create one. After creating the SSL cert, I installed rhn-org-httpd-ssl-key-pair-<SERVERNAME>-1.0-8.noarch.rpm on the satellite and restarted httpd.
The CA cert was exported on the existing CA and I created an RPM package with:
rhn-ssl-tool --gen-ca --rpm-only
The newly created RHN-ORG-TRUSTED-SSL-CERT was successfully deployed to all existing clients. Also imported the new CA cert with rhn-ssl-dbstore.
New certs work fine with existing RHEL4 clients!
RHEL5 clients print out a traceback with the following error message:
M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match host, expected <SERVERNAME>, got email:<VALID eMail ADDRESS>

Versions:
Satellite 4.2.1
yum=yum-3.0.1-5.el5

How reproducible:
always

Steps to Reproduce:
Create a KEY: rhn-ssl-tool --gen-server --key-only
Create a CSR: rhn-ssl-tool --gen-server --cert-req-only
Sign the CSR and copy CERT to Satellite
Create RPM Package: rhn-ssl-tool --gen-server --rpm-only
Install RPM Package and restart httpd
Install rhn-org-trusted-ssl-cert-1.0-4.noarch.rpm on RHEL5 client.
Do RHN task like: yum list extras or yum install <package>

Actual results:
M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match host, expected <SERVERNAME>, got email:<EMAILADDRESS>
see traceback attached

Expected results:
no error

Additional info:
If necessary, I can provide all certs.
Created attachment 155317 YUM traceback
Issue solved. TinyCA added wrong subjectAltName automatically.
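
The failure reported above, as an added example that is not part of the original report and is not M2Crypto's code: a pre-deployment check over the subjectAltName text in the form OpenSSL prints it. It assumes, based on the traceback, that a present subjectAltName must carry a matching DNS entry and that the commonName is consulted only when no subjectAltName exists; the function names, hostnames and address are constructed placeholders.

```python
# Added example: pre-deployment hostname check on a certificate's subjectAltName text.
# Assumption: a present subjectAltName must contain a matching DNS entry;
# the commonName is consulted only when the certificate has no subjectAltName.

def parse_san(san_text):
    """Split 'email:a@b, DNS:host' (OpenSSL text form) into (type, value) pairs."""
    entries = []
    for item in san_text.split(","):
        item = item.strip()
        if not item:
            continue
        kind, sep, value = item.partition(":")
        if not sep:
            raise ValueError("malformed subjectAltName entry: %r" % item)
        entries.append((kind.strip().lower(), value.strip()))
    return entries


def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, dot, rest = host.partition(".")
        return bool(head) and bool(dot) and rest == pattern[2:]
    return pattern == host


def check_host(host, san_text=None, common_name=None):
    """Return (ok, reason) for connecting to `host` with this certificate."""
    if san_text is not None:
        entries = parse_san(san_text)
        dns_names = [v for k, v in entries if k == "dns"]
        if any(name_matches(n, host) for n in dns_names):
            return True, "subjectAltName DNS entry matches"
        kinds = sorted(set(k for k, _ in entries)) or ["empty"]
        return False, "subjectAltName (%s) has no DNS entry for %s" % (", ".join(kinds), host)
    if common_name and name_matches(common_name, host):
        return True, "no subjectAltName; commonName matches"
    return False, "no subjectAltName and commonName does not match"


if __name__ == "__main__":
    # Constructed sample values; hostnames and address are placeholders.
    host = "satellite.example.com"
    print(check_host(host, "email:admin@example.com", host))
    print(check_host(host, "DNS:satellite.example.com, email:admin@example.com", host))
    print(check_host(host, None, host))
```

The subjectAltName text can be read from a signed certificate with `openssl x509 -noout -text -in <cert>` before the certificate is packaged into the RPM.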