rpm -e rhns-ssl-cert.rpm (or whatever it is called) on a satellite (or proxy) Apache will no longer restart because /etc/http/conf/ssl.{crt,key}/server.{crt,key} were nuked. We probably need to backup and restore their original server.{crt,key} files upon installation and removal of this package.
Yeah. In fact, we should probably consider making proper sslCACert configuration a function of both install and removal. On installation of a custom cert package, %post should alter /etc/sysconfig/rhn/up2date and /etc/sysconfig/rhn/rhn_register, adding the new sslCACert line to each: sslCACert=/usr/share/rhn/RHNS-CORP-CA-CERT On removal of the custom cert package, %post should return the default setting.
Todd was actually referring to the server-side (i.e. proxy/satellite) apache config. I do agree that it would be nice to modify stuff in the post section, but I don't think it's the right time to do it.
I do agree that it would be nice to modify stuff in the post section FOR THE CLIENT, but I don't think it's the right time to do it. This is what I actually meant
Bumping to high priority.
Fixed. rhns-certs-tools 1.3.0-4 should fix this. Added a postun scriptlet (stolen from mod_ssl) to recreate the dummy certs.
confirmed good - closing.