Bug 883025 - pulp-qpid-ssl-cfg script should mention copying of certs and creating /etc/pki/pulp/qpid/ directory on the consumers
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Pulp
Classification: Retired
Component: consumers
Version: 2.0.6
Hardware: Unspecified
OS: Unspecified
Assignee: Jeff Ortel
QA Contact: Preethi Thomas
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-12-03 16:30 UTC by Sayli Karmarkar
Modified: 2015-03-23 01:11 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-07 14:09:23 UTC
Embargoed:



Description Sayli Karmarkar 2012-12-03 16:30:26 UTC
Description of problem:

[messaging]
scheme=ssl
port=5671
cacert=/etc/pki/pulp/qpid/ca.crt
clientcert=/etc/pki/pulp/qpid/client.crt

If /etc/pki/pulp/qpid/ca.crt and /etc/pki/pulp/qpid/client.crt are not copied over to the consumer, the error message we see is very confusing, so we should suggest copying them, similar to the config changes.

Comment 1 Jeff Ortel 2012-12-04 19:12:41 UTC
https://github.com/pulp/pulp/pull/180

Comment 2 Jay Dobies 2012-12-07 14:06:11 UTC
Fixed in the 0.12 beta.

Comment 3 Preethi Thomas 2012-12-07 21:12:56 UTC
verified

[root@preethi ~]# pulp-qpid-ssl-cfg

Working in: /tmp/tmp6957


Please specify a directory into which the created NSS database
and associated certificates will be installed.

Enter a directory [/etc/pki/pulp/qpid]:
/etc/pki/pulp/qpid

Please enter a password for the NSS database.  Generated if not specified.

Enter a password:
Using password: [redhat]

Please specify a CA.  Generated if not specified.

Enter a path: 

Password file created.

Database created.

Creating CA certificate:


Generating key.  This may take a few moments...

CA created

Creating BROKER certificate:


Generating key.  This may take a few moments...

Broker certificate created.

Creating CLIENT certificate:


Generating key.  This may take a few moments...

Client certificate created.
pk12util: PKCS12 EXPORT SUCCESSFUL
MAC verified OK
Client key & certificate exported

Artifacts copied to: /etc/pki/pulp/qpid.

Recommended properties in /etc/qpidd.conf:

auth=no
# SSL
require-encryption=yes
ssl-require-client-authentication=yes
ssl-cert-db=/etc/pki/pulp/qpid/nss
ssl-cert-password-file=/etc/pki/pulp/qpid/nss/password
ssl-cert-name=broker
ssl-port=5671
...


Recommended properties in /etc/pulp/server.conf:

...
[messaging]
url=ssl://<host>:5671
cacert=/etc/pki/pulp/qpid/ca.crt
clientcert=/etc/pki/pulp/qpid/client.crt


Recommended properties in /etc/pulp/consumer/consumer.conf:

...
[messaging]
scheme=ssl
port=5671
cacert=/etc/pki/pulp/qpid/ca.crt
clientcert=/etc/pki/pulp/qpid/client.crt


NOTE: The /etc/pki/pulp/qpid/ca.crt and /etc/pki/pulp/qpid/client.crt certificates will
need to be manually copied to each consumer.

[root@preethi ~]#
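
A preflight check for the failure this bug describes, added here as an example (it is not part of the bug report or of Pulp's code): it reads the [messaging] section of a consumer.conf and reports cacert/clientcert files that are missing, unreadable or not PEM, and any such file that carries a private key while being accessible to group or others. The function name check_messaging_certs is hypothetical; the default path is the consumer.conf location printed by the script above.

```python
import configparser
import os
import stat
import sys

def check_messaging_certs(conf_path):
    """Return a list of problems with the SSL files named in [messaging]."""
    cfg = configparser.ConfigParser(interpolation=None)
    if not cfg.read(conf_path):
        return [f"cannot read {conf_path}"]
    if not cfg.has_section("messaging"):
        return [f"{conf_path}: no [messaging] section"]
    msg = cfg["messaging"]
    if msg.get("scheme", "").strip().lower() != "ssl":
        return []  # not using SSL, so no certificate files are needed
    problems = []
    for key in ("cacert", "clientcert"):
        path = msg.get(key, "").strip()
        if not path:
            problems.append(f"{key}: not set although scheme=ssl")
            continue
        try:
            with open(path, "r", errors="replace") as fh:
                pem = fh.read()
            mode = os.stat(path).st_mode
        except OSError as exc:
            # Missing file or directory: the case this bug is about.
            problems.append(f"{key}: {path}: {exc.strerror}")
            continue
        if "-----BEGIN CERTIFICATE-----" not in pem:
            problems.append(f"{key}: {path}: no PEM certificate found")
        # A file that also carries the private key must stay owner-only.
        if "PRIVATE KEY-----" in pem and mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"{key}: {path}: private key is group/world accessible")
    return problems

if __name__ == "__main__":
    conf = sys.argv[1] if len(sys.argv) > 1 else "/etc/pulp/consumer/consumer.conf"
    found = check_messaging_certs(conf)
    for line in found:
        print("PROBLEM:", line)
    sys.exit(1 if found else 0)
```

Run on a consumer after copying the certificates, it exits non-zero and names the offending setting instead of leaving the diagnosis to the messaging error.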

Comment 4 Preethi Thomas 2013-01-07 14:09:23 UTC
Pulp 2.0 released.

