Login | Register
My pages Projects Community openCollabNet

Discussions > users > Re: rhn_register > Reply to message

Project highlights: Stable Version: 1.6.1, Development Version: 1.7.6

current
Reply to message

* = Required fields
* Subject
* Body
Attachments
Send reply to
Topic
Author (directly in email)
Please type the letters in the image above.

Original message

Author pnasrat
Full name Paul Nasrat
Date 2003-04-19 00:42:12 PDT
Message On Fri, Apr 18, 2003 at 03:14:20PM -0700, Stephen Mah wrote:
>
>
> pscannel at fws dot gov wrote:
>
> >I'm now getting the following error:
> ># up2date --register
> >There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
> >'certificate verify failed')]

> yeah, the server time was off. I just turned on ntpd, but I still get
> the error.

Can you check if the certificate on the client authenticates properly.

Check /etc/sysconfig/rhn/up2date and look for the sslCACert lines

sslCACert[comment]=The location of the SSL CA certificate.
sslCACert=/usr/share​/rhn/RHNS-CA-CERT

Check the certificate is the one from the current server:

openssl s_client -connect scoop:443 -CAfile /usr/share/rhn/RHNS-CA-CERT

You are looking for Verify return code: 0 (ok)

If the CA file does not match your server you will see

Verify return code: 18 (self signed certificate)

If this is the case you will need to copy /etc/current/RHNS-CA-CERT from
the current server to the client and put into your sslCACert location.

If the above steps still leave you with an error we'll need to check if
apache is using the current generated key/crt

Paul

--------------------​--------------------​--------------------​---------
To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
For additional commands, e-mail: users-help at current dot tigris dot org