Bug 471928 - Tui should be able to choose cert automatically depending on hosted or satellite
Tui should be able to choose cert automatically depending on hosted or satellite
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: rhn-client-tools (Show other bugs)
All Linux
low Severity low
: rc
: ---
Assigned To: Pradeep Kilambi
Garik Khachikyan
Depends On:
  Show dependency treegraph
Reported: 2008-11-17 13:24 EST by Sayli Karmarkar
Modified: 2015-01-04 16:56 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-02 07:21:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Sayli Karmarkar 2008-11-17 13:24:02 EST
Description of problem:
Goal is that the registration TUI will be smart enough to attempt to chose a
sslCert based on registering to RHN Hosted or a Satellite.  

For the Hosted case it should use /usr/share/rhn/RHNS-CA-CERT for the satellite case it should use /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT.  Note in the satellite case, the file RHN-ORG-TRUSTED-SSL-CERT may not exist, this is a best effort attempt, if the file doesn't exist then it should follow the normal method of prompting for a cert to use.

Version-Release number of selected component (if applicable):

Steps to Reproduce:
In config file -
1. Set serverUrl to hosted or satellite.
2. Set SSLCert to a file which doesn't exist.
3. rhn_register --nox
Actual results:
Fatal Error window: saying
 ERROR: can not find RHNS CA file:
 Please verify the value of sslCACert
 in /etc/sysconfig/rhn/up2date

Expected results:
  if RHNS-CA-CERT exists in case of hosted or RHN-ORG-TRUSTED-SSL-CERT exists in  case of satellite and its valid, it should be able to change config file and be able to register with these default certs.
Comment 1 Sayli Karmarkar 2008-11-17 13:29:41 EST
Fix for bz: 442923 takes care of gui. Similar fix needs to be added for tui over here.
Comment 4 James Bowes 2009-06-04 12:59:36 EDT
commit 68bf294229... for this bug will overwrite any existing value you may have in the config upon running rhn_register, so if you've set it by hand in the file you're out of luck, or even if you want to use the file's default, when the code thinks you should use a different value, you're out of luck. This has been giving us problems when testing against internal environments.
Comment 8 Garik Khachikyan 2009-07-27 04:14:51 EDT

For the hosted case, when the URL in up2date config file can not be found it is not defaulting to the /usr/share/rhn/RHNS-CA-CERT file but instead gives an error:
ERROR: can not find RHNS CA file:

Please verify the value of sslCACert
in /etc/sysconfig/rhn/up2date
Comment 9 Garik Khachikyan 2009-07-27 04:16:06 EDT
Packages are:
Comment 11 Garik Khachikyan 2009-07-27 11:39:50 EDT

Sorry for misunderstanding the implemented solution, which is:
When the "sslCAcert=", i.e. is left empty, missing... then it fills with either RHNS-CA-CERT or RHN-ORG-TRUSTED-SSL-CERT (hosted or satellite).

It's working fine with the implementation:
1. Checked with empty value for hosted: fills properly with its default value after rhn_register TUI
2. Checked with empty value for satellite: fills properly with its default value after rhn_register TUI

Checked with: RHEL5.4-Client-20090715.0 (i386, x86_64);
RHEL5.4-Server-20090715.0 (i386, x86_64, ia64, s390x)
Package: yum-3.2.22-20.el5.noarch
Comment 13 errata-xmlrpc 2009-09-02 07:21:46 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.