Bug 812003 - Monitoring Scout will not start: Certificate verify failed.
Monitoring Scout will not start: Certificate verify failed.
Status: CLOSED INSUFFICIENT_DATA
Product: Spacewalk
Classification: Community
Component: Server (Show other bugs)
1.7
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jan Pazdziora
Red Hat Satellite QA List
:
Depends On:
Blocks: space27
  Show dependency treegraph
 
Reported: 2012-04-12 09:57 EDT by William Brown
Modified: 2017-09-28 13:57 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-05-10 03:18:52 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description William Brown 2012-04-12 09:57:01 EDT
Description of problem:
After enabling monitoring, when the spacewalk server is restarted the Monitoring Scout will not launch, citing an SSL verification error.

Version-Release number of selected component (if applicable):
Fedora 17 x86_64
Spacewalk 1.7

How reproducible:
Always

Steps to Reproduce:
1. Install Fedora and Spacewalk-postgresql.
2. Activate monitoring via the Spacewalk Admin panel
3. Run spacewalk-service restart
  
Actual results:
SSL verification error is thrown.

Expected results:
Monitoring Scout starts.

Additional info:

No channels have yet been configured - The first action taken on the spacewalk system was to enable monitoring which caused this error.
Spacewalk.crt appears to exist in /etc/ssl/certs/, and has world readable permissions.
SELinux has been temporarily set to permissive.

Output is:

Starting Monitoring ...  
	Starting InstallSoftwareConfig ...  [ OK ]
	Starting NotifEscalator ...  [ OK ]
	Starting GenerateNotifConfig ...  [ OK ]
	Starting NotifLauncher ...  [ OK ]
	Starting Notifier ...  [ OK ]
	Starting AckProcessor ...  [ OK ]
	Starting TSDBLocalQueue ...  [ OK ]
[ OK ]
Starting MonitoringScout ...  
	Starting NPBootstrap ...  2012-04-12 23:19:12 NPBootstrap: 	!! ERROR FROM SHELL COMMAND: 
2012-04-12 23:19:12 NPBootstrap: 	!! STDOUT: Requesting https://spacewalk.dev.firstyear.id.au/satconfig/cgi-bin/fetch_netsaintid.cgi?ssk=571081bf0906&publickey=ssh-dss%20AAAAB3NzaC1kc3MAAACBAK3QJPk3%2FbCmraoTCDO2tlVNA4sF9mI%2FdC%2FI0MdRzFNcQTkGqHYyJkxFJXL%2Fe10xwx3zjXr9SanAIZb5MpHht2KVHjDkPuxeHeAsYRP2g8cKMEtABUNddClmTRv5DoFq7h%2BkE6Ou6FGHoosVNseHD7SmMOKaOa7yguW3ilScNWOLAAAAFQD4A8LUC%2BZLrK3AQNV5Ok0%2Fhw%2BrRwAAAIEAqZNnPJdDlDmzcI77njcQfGbuh%2BzsLXQBxdWzUOjDP6EaLucc03VaxeJYlg3Rt1VNhaOY%2FmgBAmvYY2tIz3N3X2SkQrTv42YOAcEXAUReVSGQG0wNwMiNmKTtacB3LU7A2FVDRcuID7Z2AKAvMn22RBVJa9qnxvyE%2B5vR%2B2oI1TkAAACAfDLTSlSvqWiEoELL4gl2kCBJ3kvVYccsh54PPw6fsztT%2FEGWcaaam%2FVGER7yaOpOOnX%2BsjYLgB9CuarVyO6Ln%2B6rggYOzjrVbm1Dh%2BmepJlOgnvNb4v7GvxQpKfAYlOe9JL5ycaSanLKISthv8ABKHFfTHySrMYiGCpPjHR0qdc%3D%20nocpulse%40spacewalk%2Edev%2Efirstyear%2Eid%2Eau%0A
Error on attempt 1:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 2:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 3:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 4:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Failed 5 times to get data for this node.

2012-04-12 23:19:12 NPBootstrap: 	!! STDERR: 
2012-04-12 23:19:12 NPBootstrap: 	!! EXIT: 256
[ FAIL ]
2012-04-12 23:19:12 NPBootstrap: WARNING: STARTED BUT *NOT* RUNNING
2012-04-12 23:19:12 NPBootstrap: ERRORS ENCOUNTERED DURING LAST ACTION:
2012-04-12 23:19:12 NPBootstrap: 	!! ERROR FROM SHELL COMMAND: 
2012-04-12 23:19:12 NPBootstrap: 	!! STDOUT: Requesting https://spacewalk.dev.firstyear.id.au/satconfig/cgi-bin/fetch_netsaintid.cgi?ssk=571081bf0906&publickey=ssh-dss%20AAAAB3NzaC1kc3MAAACBAK3QJPk3%2FbCmraoTCDO2tlVNA4sF9mI%2FdC%2FI0MdRzFNcQTkGqHYyJkxFJXL%2Fe10xwx3zjXr9SanAIZb5MpHht2KVHjDkPuxeHeAsYRP2g8cKMEtABUNddClmTRv5DoFq7h%2BkE6Ou6FGHoosVNseHD7SmMOKaOa7yguW3ilScNWOLAAAAFQD4A8LUC%2BZLrK3AQNV5Ok0%2Fhw%2BrRwAAAIEAqZNnPJdDlDmzcI77njcQfGbuh%2BzsLXQBxdWzUOjDP6EaLucc03VaxeJYlg3Rt1VNhaOY%2FmgBAmvYY2tIz3N3X2SkQrTv42YOAcEXAUReVSGQG0wNwMiNmKTtacB3LU7A2FVDRcuID7Z2AKAvMn22RBVJa9qnxvyE%2B5vR%2B2oI1TkAAACAfDLTSlSvqWiEoELL4gl2kCBJ3kvVYccsh54PPw6fsztT%2FEGWcaaam%2FVGER7yaOpOOnX%2BsjYLgB9CuarVyO6Ln%2B6rggYOzjrVbm1Dh%2BmepJlOgnvNb4v7GvxQpKfAYlOe9JL5ycaSanLKISthv8ABKHFfTHySrMYiGCpPjHR0qdc%3D%20nocpulse%40spacewalk%2Edev%2Efirstyear%2Eid%2Eau%0A
Error on attempt 1:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 2:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 3:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 4:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Failed 5 times to get data for this node.

2012-04-12 23:19:12 NPBootstrap: 	!! STDERR: 
2012-04-12 23:19:12 NPBootstrap: 	!! EXIT: 256
	Starting SputLite ...  [ OK ]
	Starting Dequeuer ...  [ OK ]
	Starting Dispatcher ...  [ OK ]
[ OK ]
Starting rhn-search...
Comment 1 Jan Pazdziora 2012-06-29 10:16:46 EDT
(In reply to comment #0)
> Description of problem:
> After enabling monitoring, when the spacewalk server is restarted the
> Monitoring Scout will not launch, citing an SSL verification error.
> 
> Version-Release number of selected component (if applicable):
> Fedora 17 x86_64

What Fedora and LWP versions are these exactly?

> Error on attempt 4:  Status: '500 Can't connect to
> spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content:
> 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify
> failed)

If you do

export PERL_LWP_SSL_VERIFY_HOSTNAME=0 

before running that spacewalk-service restart, does it seem to help?
Comment 2 Eric Herget 2017-09-28 13:57:09 EDT
This BZ closed some time during 2.5, 2.6 or 2.7.  Adding to 2.7 tracking bug.

Note You need to log in before you can comment on or make changes to this bug.