Bug 812003 - Monitoring Scout will not start: Certificate verify failed.
Summary: Monitoring Scout will not start: Certificate verify failed.
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Spacewalk
Classification: Community
Component: Server
Version: 1.7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jan Pazdziora (Red Hat)
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks: space27
TreeView+ depends on / blocked
 
Reported: 2012-04-12 13:57 UTC by William Brown
Modified: 2017-09-28 17:57 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-05-10 07:18:52 UTC
Embargoed:

Attachments (Terms of Use)

Description William Brown 2012-04-12 13:57:01 UTC 
Description of problem:
After enabling monitoring, when the spacewalk server is restarted the Monitoring Scout will not launch, citing an SSL verification error.

Version-Release number of selected component (if applicable):
Fedora 17 x86_64
Spacewalk 1.7

How reproducible:
Always

Steps to Reproduce:
1. Install Fedora and Spacewalk-postgresql.
2. Activate monitoring via the Spacewalk Admin panel
3. Run spacewalk-service restart
  
Actual results:
SSL verification error is thrown.

Expected results:
Monitoring Scout starts.

Additional info:

No channels have yet been configured - The first action taken on the spacewalk system was to enable monitoring which caused this error.
Spacewalk.crt appears to exist in /etc/ssl/certs/, and has world readable permissions.
SELinux has been temporarily set to permissive.

Output is:

Starting Monitoring ...  
	Starting InstallSoftwareConfig ...  [ OK ]
	Starting NotifEscalator ...  [ OK ]
	Starting GenerateNotifConfig ...  [ OK ]
	Starting NotifLauncher ...  [ OK ]
	Starting Notifier ...  [ OK ]
	Starting AckProcessor ...  [ OK ]
	Starting TSDBLocalQueue ...  [ OK ]
[ OK ]
Starting MonitoringScout ...  
	Starting NPBootstrap ...  2012-04-12 23:19:12 NPBootstrap: 	!! ERROR FROM SHELL COMMAND: 
2012-04-12 23:19:12 NPBootstrap: 	!! STDOUT: Requesting https://spacewalk.dev.firstyear.id.au/satconfig/cgi-bin/fetch_netsaintid.cgi?ssk=571081bf0906&publickey=ssh-dss%20AAAAB3NzaC1kc3MAAACBAK3QJPk3%2FbCmraoTCDO2tlVNA4sF9mI%2FdC%2FI0MdRzFNcQTkGqHYyJkxFJXL%2Fe10xwx3zjXr9SanAIZb5MpHht2KVHjDkPuxeHeAsYRP2g8cKMEtABUNddClmTRv5DoFq7h%2BkE6Ou6FGHoosVNseHD7SmMOKaOa7yguW3ilScNWOLAAAAFQD4A8LUC%2BZLrK3AQNV5Ok0%2Fhw%2BrRwAAAIEAqZNnPJdDlDmzcI77njcQfGbuh%2BzsLXQBxdWzUOjDP6EaLucc03VaxeJYlg3Rt1VNhaOY%2FmgBAmvYY2tIz3N3X2SkQrTv42YOAcEXAUReVSGQG0wNwMiNmKTtacB3LU7A2FVDRcuID7Z2AKAvMn22RBVJa9qnxvyE%2B5vR%2B2oI1TkAAACAfDLTSlSvqWiEoELL4gl2kCBJ3kvVYccsh54PPw6fsztT%2FEGWcaaam%2FVGER7yaOpOOnX%2BsjYLgB9CuarVyO6Ln%2B6rggYOzjrVbm1Dh%2BmepJlOgnvNb4v7GvxQpKfAYlOe9JL5ycaSanLKISthv8ABKHFfTHySrMYiGCpPjHR0qdc%3D%20nocpulse%40spacewalk%2Edev%2Efirstyear%2Eid%2Eau%0A
Error on attempt 1:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 2:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 3:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 4:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Failed 5 times to get data for this node.

2012-04-12 23:19:12 NPBootstrap: 	!! STDERR: 
2012-04-12 23:19:12 NPBootstrap: 	!! EXIT: 256
[ FAIL ]
2012-04-12 23:19:12 NPBootstrap: WARNING: STARTED BUT *NOT* RUNNING
2012-04-12 23:19:12 NPBootstrap: ERRORS ENCOUNTERED DURING LAST ACTION:
2012-04-12 23:19:12 NPBootstrap: 	!! ERROR FROM SHELL COMMAND: 
2012-04-12 23:19:12 NPBootstrap: 	!! STDOUT: Requesting https://spacewalk.dev.firstyear.id.au/satconfig/cgi-bin/fetch_netsaintid.cgi?ssk=571081bf0906&publickey=ssh-dss%20AAAAB3NzaC1kc3MAAACBAK3QJPk3%2FbCmraoTCDO2tlVNA4sF9mI%2FdC%2FI0MdRzFNcQTkGqHYyJkxFJXL%2Fe10xwx3zjXr9SanAIZb5MpHht2KVHjDkPuxeHeAsYRP2g8cKMEtABUNddClmTRv5DoFq7h%2BkE6Ou6FGHoosVNseHD7SmMOKaOa7yguW3ilScNWOLAAAAFQD4A8LUC%2BZLrK3AQNV5Ok0%2Fhw%2BrRwAAAIEAqZNnPJdDlDmzcI77njcQfGbuh%2BzsLXQBxdWzUOjDP6EaLucc03VaxeJYlg3Rt1VNhaOY%2FmgBAmvYY2tIz3N3X2SkQrTv42YOAcEXAUReVSGQG0wNwMiNmKTtacB3LU7A2FVDRcuID7Z2AKAvMn22RBVJa9qnxvyE%2B5vR%2B2oI1TkAAACAfDLTSlSvqWiEoELL4gl2kCBJ3kvVYccsh54PPw6fsztT%2FEGWcaaam%2FVGER7yaOpOOnX%2BsjYLgB9CuarVyO6Ln%2B6rggYOzjrVbm1Dh%2BmepJlOgnvNb4v7GvxQpKfAYlOe9JL5ycaSanLKISthv8ABKHFfTHySrMYiGCpPjHR0qdc%3D%20nocpulse%40spacewalk%2Edev%2Efirstyear%2Eid%2Eau%0A
Error on attempt 1:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 2:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 3:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 4:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Failed 5 times to get data for this node.

2012-04-12 23:19:12 NPBootstrap: 	!! STDERR: 
2012-04-12 23:19:12 NPBootstrap: 	!! EXIT: 256
	Starting SputLite ...  [ OK ]
	Starting Dequeuer ...  [ OK ]
	Starting Dispatcher ...  [ OK ]
[ OK ]
Starting rhn-search...
Comment 1 Jan Pazdziora (Red Hat) 2012-06-29 14:16:46 UTC 
(In reply to comment #0)
> Description of problem:
> After enabling monitoring, when the spacewalk server is restarted the
> Monitoring Scout will not launch, citing an SSL verification error.
> 
> Version-Release number of selected component (if applicable):
> Fedora 17 x86_64

What Fedora and LWP versions are these exactly?

> Error on attempt 4:  Status: '500 Can't connect to
> spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content:
> 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify
> failed)

If you do

export PERL_LWP_SSL_VERIFY_HOSTNAME=0 

before running that spacewalk-service restart, does it seem to help?
Comment 2 Eric Herget 2017-09-28 17:57:09 UTC 
This BZ closed some time during 2.5, 2.6 or 2.7.  Adding to 2.7 tracking bug.
Note You need to log in before you can comment on or make changes to this bug.