Description of problem: After an upgrade of 5.2.0 (and older) Satellite installation to some of the recent 5.3.0 snapshots, upgraded configuration points apache to a new SSL certificate and effectively discards certificate from previous installation. Version-Release number of selected component (if applicable): spacewalk-setup-0.5.15-1 How reproducible: Always Steps to Reproduce: 1. Install 5.2.0 satellite (or older) 2. Check what SSL certificate your Satellite installation uses (for example SSLCertificateFile in /etc/rhn/satellite-httpd/conf/ssl.conf) 3. Check what private key the configuration points to (SSLCertificateKeyFile in the same file) 4. Upgrade to Satellite 5.3.0 5. Check for the two SSL values from above. Actual results: New certificate & private key are generated, apache configuration points to them. Expected results: Apache configuration after upgrade points to the same certificate & private key as it did before the upgrade. Additional info: N/A
I've reworked the way spacewalk-setup does ssl.conf setup (new instalations & upgrades) in spacewalk.git master: 2dadf6cf0c5e0a93f3c6a0b697db17ecc2808d5c d6e340d0c5a5752402fa38a6c318608de1463af6 Though the certificate setup did not require any big changes: after the upgrade ssl.conf points to different locations for ssl certificate and private key, but these are in fact symlinks to the original files.
Verified
Verified in stage -> RELEASE_PENDING. Sat 520: [root@sat-mim1]# grep SSLCertificateFile /etc/rhn/satellite-httpd/conf/ssl.conf # Point SSLCertificateFile at a PEM encoded certificate. If SSLCertificateFile /etc/rhn/satellite-httpd/conf/ssl.crt/server.crt Sat 530: [root@sat-mim1]# grep SSLCertificate /etc/httpd/conf.d/ssl.conf # Point SSLCertificateFile at a PEM encoded certificate. If SSLCertificateFile /etc/pki/tls/certs/spacewalk.crt [root@sat-mim1]# ll /etc/pki/tls/certs/spacewalk.crt lrwxrwxrwx 1 root root 38 Aug 26 16:21 /etc/pki/tls/certs/spacewalk.crt -> ../../../httpd/conf/ssl.crt/server.crt
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1235.html