Bug 488057 - spacewalk-setup discards previous ssl certificate during 5.3.0 upgrade
spacewalk-setup discards previous ssl certificate during 5.3.0 upgrade
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Upgrades (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Milan Zázrivec
Jeff Browning
Depends On:
Blocks: 456986
  Show dependency treegraph
Reported: 2009-03-02 06:54 EST by Milan Zázrivec
Modified: 2009-08-27 13:38 EDT (History)
1 user (show)

See Also:
Fixed In Version: sat530
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-08-27 13:38:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Milan Zázrivec 2009-03-02 06:54:14 EST
Description of problem:
After an upgrade of 5.2.0 (and older) Satellite installation to some of the
recent 5.3.0 snapshots, upgraded configuration points apache to a new SSL
certificate and effectively discards certificate from previous installation.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install 5.2.0 satellite (or older)
2. Check what SSL certificate your Satellite installation uses
   (for example SSLCertificateFile in /etc/rhn/satellite-httpd/conf/ssl.conf)
3. Check what private key the configuration points to
   (SSLCertificateKeyFile in the same file)
4. Upgrade to Satellite 5.3.0
5. Check for the two SSL values from above.
Actual results:
New certificate & private key are generated, apache configuration points
to them.

Expected results:
Apache configuration after upgrade points to the same certificate & private
key as it did before the upgrade.

Additional info:
Comment 1 Milan Zázrivec 2009-03-05 10:21:42 EST
I've reworked the way spacewalk-setup does ssl.conf setup (new instalations
& upgrades) in spacewalk.git master:


Though the certificate setup did not require any big changes: after the 
upgrade ssl.conf points to different locations for ssl certificate and private
key, but these are in fact symlinks to the original files.
Comment 2 Jeff Browning 2009-05-12 17:03:03 EDT
Comment 3 Michael Mráka 2009-08-27 04:58:19 EDT
Verified in stage -> RELEASE_PENDING.

Sat 520:
[root@sat-mim1]# grep  SSLCertificateFile  /etc/rhn/satellite-httpd/conf/ssl.conf
#   Point SSLCertificateFile at a PEM encoded certificate.  If
SSLCertificateFile /etc/rhn/satellite-httpd/conf/ssl.crt/server.crt

Sat 530:
[root@sat-mim1]# grep SSLCertificate /etc/httpd/conf.d/ssl.conf 
# Point SSLCertificateFile at a PEM encoded certificate.  If
SSLCertificateFile /etc/pki/tls/certs/spacewalk.crt
[root@sat-mim1]# ll /etc/pki/tls/certs/spacewalk.crt
lrwxrwxrwx 1 root root 38 Aug 26 16:21 /etc/pki/tls/certs/spacewalk.crt -> ../../../httpd/conf/ssl.crt/server.crt
Comment 4 Brandon Perkins 2009-08-27 13:38:10 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.