Bug 812003 - Monitoring Scout will not start: Certificate verify failed.
Monitoring Scout will not start: Certificate verify failed.
Status: CLOSED INSUFFICIENT_DATA
Product: Spacewalk
Classification: Community
Component: Server (Show other bugs)
1.7
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jan Pazdziora
Red Hat Satellite QA List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-12 09:57 EDT by William Brown
Modified: 2013-05-10 03:18 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-05-10 03:18:52 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description William Brown 2012-04-12 09:57:01 EDT
Description of problem:
After enabling monitoring, when the spacewalk server is restarted the Monitoring Scout will not launch, citing an SSL verification error.

Version-Release number of selected component (if applicable):
Fedora 17 x86_64
Spacewalk 1.7

How reproducible:
Always

Steps to Reproduce:
1. Install Fedora and Spacewalk-postgresql.
2. Activate monitoring via the Spacewalk Admin panel
3. Run spacewalk-service restart
  
Actual results:
SSL verification error is thrown.

Expected results:
Monitoring Scout starts.

Additional info:

No channels have yet been configured - The first action taken on the spacewalk system was to enable monitoring which caused this error.
Spacewalk.crt appears to exist in /etc/ssl/certs/, and has world readable permissions.
SELinux has been temporarily set to permissive.

Output is:

Starting Monitoring ...  
	Starting InstallSoftwareConfig ...  [ OK ]
	Starting NotifEscalator ...  [ OK ]
	Starting GenerateNotifConfig ...  [ OK ]
	Starting NotifLauncher ...  [ OK ]
	Starting Notifier ...  [ OK ]
	Starting AckProcessor ...  [ OK ]
	Starting TSDBLocalQueue ...  [ OK ]
[ OK ]
Starting MonitoringScout ...  
	Starting NPBootstrap ...  2012-04-12 23:19:12 NPBootstrap: 	!! ERROR FROM SHELL COMMAND: 
2012-04-12 23:19:12 NPBootstrap: 	!! STDOUT: Requesting https://spacewalk.dev.firstyear.id.au/satconfig/cgi-bin/fetch_netsaintid.cgi?ssk=571081bf0906&publickey=ssh-dss%20AAAAB3NzaC1kc3MAAACBAK3QJPk3%2FbCmraoTCDO2tlVNA4sF9mI%2FdC%2FI0MdRzFNcQTkGqHYyJkxFJXL%2Fe10xwx3zjXr9SanAIZb5MpHht2KVHjDkPuxeHeAsYRP2g8cKMEtABUNddClmTRv5DoFq7h%2BkE6Ou6FGHoosVNseHD7SmMOKaOa7yguW3ilScNWOLAAAAFQD4A8LUC%2BZLrK3AQNV5Ok0%2Fhw%2BrRwAAAIEAqZNnPJdDlDmzcI77njcQfGbuh%2BzsLXQBxdWzUOjDP6EaLucc03VaxeJYlg3Rt1VNhaOY%2FmgBAmvYY2tIz3N3X2SkQrTv42YOAcEXAUReVSGQG0wNwMiNmKTtacB3LU7A2FVDRcuID7Z2AKAvMn22RBVJa9qnxvyE%2B5vR%2B2oI1TkAAACAfDLTSlSvqWiEoELL4gl2kCBJ3kvVYccsh54PPw6fsztT%2FEGWcaaam%2FVGER7yaOpOOnX%2BsjYLgB9CuarVyO6Ln%2B6rggYOzjrVbm1Dh%2BmepJlOgnvNb4v7GvxQpKfAYlOe9JL5ycaSanLKISthv8ABKHFfTHySrMYiGCpPjHR0qdc%3D%20nocpulse%40spacewalk%2Edev%2Efirstyear%2Eid%2Eau%0A
Error on attempt 1:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 2:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 3:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 4:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Failed 5 times to get data for this node.

2012-04-12 23:19:12 NPBootstrap: 	!! STDERR: 
2012-04-12 23:19:12 NPBootstrap: 	!! EXIT: 256
[ FAIL ]
2012-04-12 23:19:12 NPBootstrap: WARNING: STARTED BUT *NOT* RUNNING
2012-04-12 23:19:12 NPBootstrap: ERRORS ENCOUNTERED DURING LAST ACTION:
2012-04-12 23:19:12 NPBootstrap: 	!! ERROR FROM SHELL COMMAND: 
2012-04-12 23:19:12 NPBootstrap: 	!! STDOUT: Requesting https://spacewalk.dev.firstyear.id.au/satconfig/cgi-bin/fetch_netsaintid.cgi?ssk=571081bf0906&publickey=ssh-dss%20AAAAB3NzaC1kc3MAAACBAK3QJPk3%2FbCmraoTCDO2tlVNA4sF9mI%2FdC%2FI0MdRzFNcQTkGqHYyJkxFJXL%2Fe10xwx3zjXr9SanAIZb5MpHht2KVHjDkPuxeHeAsYRP2g8cKMEtABUNddClmTRv5DoFq7h%2BkE6Ou6FGHoosVNseHD7SmMOKaOa7yguW3ilScNWOLAAAAFQD4A8LUC%2BZLrK3AQNV5Ok0%2Fhw%2BrRwAAAIEAqZNnPJdDlDmzcI77njcQfGbuh%2BzsLXQBxdWzUOjDP6EaLucc03VaxeJYlg3Rt1VNhaOY%2FmgBAmvYY2tIz3N3X2SkQrTv42YOAcEXAUReVSGQG0wNwMiNmKTtacB3LU7A2FVDRcuID7Z2AKAvMn22RBVJa9qnxvyE%2B5vR%2B2oI1TkAAACAfDLTSlSvqWiEoELL4gl2kCBJ3kvVYccsh54PPw6fsztT%2FEGWcaaam%2FVGER7yaOpOOnX%2BsjYLgB9CuarVyO6Ln%2B6rggYOzjrVbm1Dh%2BmepJlOgnvNb4v7GvxQpKfAYlOe9JL5ycaSanLKISthv8ABKHFfTHySrMYiGCpPjHR0qdc%3D%20nocpulse%40spacewalk%2Edev%2Efirstyear%2Eid%2Eau%0A
Error on attempt 1:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 2:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 3:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 4:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Failed 5 times to get data for this node.

2012-04-12 23:19:12 NPBootstrap: 	!! STDERR: 
2012-04-12 23:19:12 NPBootstrap: 	!! EXIT: 256
	Starting SputLite ...  [ OK ]
	Starting Dequeuer ...  [ OK ]
	Starting Dispatcher ...  [ OK ]
[ OK ]
Starting rhn-search...
Comment 1 Jan Pazdziora 2012-06-29 10:16:46 EDT
(In reply to comment #0)
> Description of problem:
> After enabling monitoring, when the spacewalk server is restarted the
> Monitoring Scout will not launch, citing an SSL verification error.
> 
> Version-Release number of selected component (if applicable):
> Fedora 17 x86_64

What Fedora and LWP versions are these exactly?

> Error on attempt 4:  Status: '500 Can't connect to
> spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content:
> 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify
> failed)

If you do

export PERL_LWP_SSL_VERIFY_HOSTNAME=0 

before running that spacewalk-service restart, does it seem to help?

Note You need to log in before you can comment on or make changes to this bug.