Description of problem: After installing proxy 5.2 on RHEL 5 using the web UI installer, clients can't connect to the proxy using SSL. Version-Release number of selected component (if applicable): Proxy 5.2 How reproducible: Steps to Reproduce: 1. Install 5.2 proxy on RHEL 5 through the web UI from a 5.2 Satellite Actual results: Proxy server is using ssl certs in /etc/pki/certs/localhost.crt Expected results: Proxy server is using ssl certs in /etc/httpd/conf/*/ Additional info: With RHEL 5 the /etc/httpd/conf.d/ssl.conf file started pointing to /etc/pki/certs instead of /etc/httpd/conf/* for it's ssl. The proxy 5.2 web installer doesn't bother changing these entries (as it never had to for RHEL 4). GPS consultant first reported this and i reproduced using test10-64 as a satellite.
btw the command line proxy installer handles this fine with these lines: mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak cat /etc/httpd/conf.d/ssl.conf.bak \ | sed "s|^SSLCertificateFile /etc/pki/tls/certs/localhost.crt$|SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt|g" \ | sed "s|^SSLCertificateKeyFile /etc/pki/tls/private/localhost.key$|SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key|g" \ > /etc/httpd/conf.d/ssl.conf
Workaround/manual fix until the official fix is released - Change /etc/httpd/conf.d/ssl.conf so that these two lines: SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key becomes SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key Then save and restart rhn-proxy service.
fix is in git trunk branch for sw0.4 and sat530
I installed RHN Proxy 5.2 on RHEL5 over WEBUI. Running on proxy: # grep ^SSLCertificate /etc/httpd/conf.d/ssl.conf SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key I successfully registered a client to the proxy server over SSL. Verified with RHN Proxy 5.2.
Verified in stage -> RELEASE_PENDING. Proxy 5.3.0 installed via webUI. # grep ^SSLCertificate /etc/httpd/conf.d/ssl.conf SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1433.html