Login | Register
My pages Projects Community openCollabNet

Discussions > users > Re: rhn_register

Project highlights: Stable Version: 1.6.1, Development Version: 1.7.6

current
Discussion topic

Back to topic list

Re: rhn_register

Reply

Author pnasrat
Full name Paul Nasrat
Date 2003-04-19 00:42:12 PDT
Message On Fri, Apr 18, 2003 at 03:14:20PM -0700, Stephen Mah wrote:
>
>
> pscannel at fws dot gov wrote:
>
> >I'm now getting the following error:
> ># up2date --register
> >There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
> >'certificate verify failed')]

> yeah, the server time was off. I just turned on ntpd, but I still get
> the error.

Can you check if the certificate on the client authenticates properly.

Check /etc/sysconfig/rhn/up2date and look for the sslCACert lines

sslCACert[comment]=The location of the SSL CA certificate.
sslCACert=/usr/share​/rhn/RHNS-CA-CERT

Check the certificate is the one from the current server:

openssl s_client -connect scoop:443 -CAfile /usr/share/rhn/RHNS-CA-CERT

You are looking for Verify return code: 0 (ok)

If the CA file does not match your server you will see

Verify return code: 18 (self signed certificate)

If this is the case you will need to copy /etc/current/RHNS-CA-CERT from
the current server to the client and put into your sslCACert location.

If the above steps still leave you with an error we'll need to check if
apache is using the current generated key/crt

Paul

--------------------​--------------------​--------------------​---------
To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
For additional commands, e-mail: users-help at current dot tigris dot org

« Previous message in topic | 3 of 8 | Next message in topic »

Messages

Show all messages in topic

Re: rhn_register pscannel at fws dot gov pscannel at fws dot gov 2003-04-18 11:22:09 PDT
     Re: rhn_register Stephen Mah <steve dot mah at oracle dot com> Stephen Mah <steve dot mah at oracle dot com> 2003-04-18 15:14:20 PDT
         Re: rhn_register pnasrat Paul Nasrat 2003-04-19 00:42:12 PDT
             Re: rhn_register Stephen Mah <steve dot mah at oracle dot com> Stephen Mah <steve dot mah at oracle dot com> 2003-04-21 14:30:52 PDT
                 Re: rhn_register hunterm Hunter Matthews 2003-04-21 15:23:27 PDT
                     Re: rhn_register (update of problem) Stephen Mah <steve dot mah at oracle dot com> Stephen Mah <steve dot mah at oracle dot com> 2003-04-22 11:03:23 PDT
                         Re: rhn_register (update of problem) Hunter Matthews <thm at duke dot edu> Hunter Matthews <thm at duke dot edu> 2003-04-23 08:08:59 PDT
                             Re: rhn_register (update of problem) jwbernin John Berninger 2003-04-26 07:28:00 PDT
Messages per page: