Login | Register
My pages Projects Community openCollabNet

Discussions > users > Re: rhn_register

Project highlights: Stable Version: 1.6.1, Development Version: 1.7.6

current
Discussion topic

Hide all messages in topic

All messages in topic

Re: rhn_register (update of problem)

Reply

Author jwbernin
Full name John Berninger
Date 2003-04-26 07:28:00 PDT
Message > [1] John, should we contemplate taking this out and storing it in a
> seperate place/file/db_table somewhere?

I can see benefits to this; especially for use in channel subscription
management. I'm toying with the idea of a "per-channel" secret, as
opposed to a server secret, that could be used to automagically
determine which channels a given client is subscribed to based on the
sysid. No idea how it would be implemented yet, though...

Anyone else on this list have thoughts on this idea? Keep in mind, this
is probably a 1.9 timeline idea...

--
John Berninger

GPG Key ID: A8C1D45C
        Fingerprint: B1BB 90CB 5314 3113 CF22 66AE 822D 42A8 A8C1 D45C

Sit vis nobiscum.
--

--------------------​--------------------​--------------------​---------
To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
For additional commands, e-mail: users-help at current dot tigris dot org

Re: rhn_register (update of problem)

Reply

Author Hunter Matthews <thm at duke dot edu>
Full name Hunter Matthews <thm at duke dot edu>
Date 2003-04-23 08:08:59 PDT
Message On Tue, 2003-04-22 at 14:03, Stephen Mah wrote:
> Hunter Matthews wrote:

> My apache server is running and apache can read the file.
>
> I'm still getting the "privacy error" from the client.
>
> Also, I'm now getting an error while running cadmin:
> # cadmin
> Error: db_dir or web_dir not found - perhaps this is an older config file?
>
> I did not get this error before, and I'm vitually sure all the paths are
> correct. Has anyone seen this before?

Taking out the server secret[1], attach your current.conf to an email to
the list. SOmethings wrong with it.

[1] John, should we contemplate taking this out and storing it in a
seperate place/file/db_table somewhere?

--
Hunter Matthews Unix / Network Administrator
Office: BioScience 145/244 Duke Univ. Biology Department
Key: F0F88438 / FFB5 34C0 B350 99A4 BB02 9779 A5DB 8B09 F0F8 8438
Never take candy from strangers. Especially on the internet.


--------------------​--------------------​--------------------​---------
To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
For additional commands, e-mail: users-help at current dot tigris dot org

Re: rhn_register (update of problem)

Reply

Author Stephen Mah <steve dot mah at oracle dot com>
Full name Stephen Mah <steve dot mah at oracle dot com>
Date 2003-04-22 11:03:23 PDT
Message Hunter Matthews wrote:

>On Mon, 2003-04-21 at 17:30, Stephen Mah wrote:
>
>
>
>>Paul,
>>
>>thanks for the help. It works now, but when I run up2date... I get Fatal
>>error retrieving privacy statement: internal server error.
>>I made sure that I have the privacy_statement line in my
>>/etc/current​/current.conf file. Do I have to -rerun anything?
>>like cadmin create_apache_config
>>
>>
>>
>
>create_apache_config is a one time thing.
>
>Have you restarted apache, and can apache read that config file?
>
>
>

My apache server is running and apache can read the file.

I'm still getting the "privacy error" from the client.

Also, I'm now getting an error while running cadmin:
# cadmin
Error: db_dir or web_dir not found - perhaps this is an older config file?

I did not get this error before, and I'm vitually sure all the paths are
correct. Has anyone seen this before?

thanks


--------------------​--------------------​--------------------​---------
To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
For additional commands, e-mail: users-help at current dot tigris dot org

Re: rhn_register

Reply

Author hunterm
Full name Hunter Matthews
Date 2003-04-21 15:23:27 PDT
Message On Mon, 2003-04-21 at 17:30, Stephen Mah wrote:

>
> Paul,
>
> thanks for the help. It works now, but when I run up2date... I get Fatal
> error retrieving privacy statement: internal server error.
> I made sure that I have the privacy_statement line in my
> /etc/current/current.conf file. Do I have to -rerun anything?
> like cadmin create_apache_config
>

create_apache_config is a one time thing.

Have you restarted apache, and can apache read that config file?


> -thanks
>
>
> --------------------​--------------------​--------------------​---------
> To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
> For additional commands, e-mail: users-help at current dot tigris dot org
--
Hunter Matthews Unix / Network Administrator
Office: BioScience 145/244 Duke Univ. Biology Department
Key: F0F88438 / FFB5 34C0 B350 99A4 BB02 9779 A5DB 8B09 F0F8 8438
Never take candy from strangers. Especially on the internet.


--------------------​--------------------​--------------------​---------
To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
For additional commands, e-mail: users-help at current dot tigris dot org

Re: rhn_register

Reply

Author Stephen Mah <steve dot mah at oracle dot com>
Full name Stephen Mah <steve dot mah at oracle dot com>
Date 2003-04-21 14:30:52 PDT
Message >
>
>Can you check if the certificate on the client authenticates properly.
>
>Check /etc/sysconfig/rhn/up2date and look for the sslCACert lines
>
>sslCACert[comment]=The location of the SSL CA certificate.
>sslCACert=/usr/s​hare/rhn/RHNS-CA-CER​T
>
>Check the certificate is the one from the current server:
>
>openssl s_client -connect scoop:443 -CAfile /usr/share/rhn/RHNS-CA-CERT
>
>You are looking for Verify return code: 0 (ok)
>
>If the CA file does not match your server you will see
>
>Verify return code: 18 (self signed certificate)
>
>If this is the case you will need to copy /etc/current/RHNS-CA-CERT from
>the current server to the client and put into your sslCACert location.
>
>If the above steps still leave you with an error we'll need to check if
>apache is using the current generated key/crt
>
>Paul
>
>

Paul,

thanks for the help. It works now, but when I run up2date... I get Fatal
error retrieving privacy statement: internal server error.
I made sure that I have the privacy_statement line in my
/etc/current/current.conf file. Do I have to -rerun anything?
like cadmin create_apache_config

-thanks


--------------------​--------------------​--------------------​---------
To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
For additional commands, e-mail: users-help at current dot tigris dot org

Re: rhn_register

Reply

Author pnasrat
Full name Paul Nasrat
Date 2003-04-19 00:42:12 PDT
Message On Fri, Apr 18, 2003 at 03:14:20PM -0700, Stephen Mah wrote:
>
>
> pscannel at fws dot gov wrote:
>
> >I'm now getting the following error:
> ># up2date --register
> >There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
> >'certificate verify failed')]

> yeah, the server time was off. I just turned on ntpd, but I still get
> the error.

Can you check if the certificate on the client authenticates properly.

Check /etc/sysconfig/rhn/up2date and look for the sslCACert lines

sslCACert[comment]=The location of the SSL CA certificate.
sslCACert=/usr/share​/rhn/RHNS-CA-CERT

Check the certificate is the one from the current server:

openssl s_client -connect scoop:443 -CAfile /usr/share/rhn/RHNS-CA-CERT

You are looking for Verify return code: 0 (ok)

If the CA file does not match your server you will see

Verify return code: 18 (self signed certificate)

If this is the case you will need to copy /etc/current/RHNS-CA-CERT from
the current server to the client and put into your sslCACert location.

If the above steps still leave you with an error we'll need to check if
apache is using the current generated key/crt

Paul

--------------------​--------------------​--------------------​---------
To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
For additional commands, e-mail: users-help at current dot tigris dot org

Re: rhn_register

Reply

Author Stephen Mah <steve dot mah at oracle dot com>
Full name Stephen Mah <steve dot mah at oracle dot com>
Date 2003-04-18 15:14:20 PDT
Message pscannel at fws dot gov wrote:

>I'm now getting the following error:
># up2date --register
>There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
>'certificate verify failed')]
>
>Have you checked the times of the two systems to make sure they are close?
>Incorrect time is a common cause of this error.
>
>
>
>
>----------------​--------------------​--------------------​-------------
>To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
>For additional commands, e-mail: users-help at current dot tigris dot org
>
>
>
yeah, the server time was off. I just turned on ntpd, but I still get
the error.


-regards


--------------------​--------------------​--------------------​---------
To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
For additional commands, e-mail: users-help at current dot tigris dot org

Re: rhn_register

Reply

Author pscannel at fws dot gov
Full name pscannel at fws dot gov
Date 2003-04-18 11:22:09 PDT
Message I'm now getting the following error:
# up2date --register
There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
'certificate verify failed')]

Have you checked the times of the two systems to make sure they are close?
Incorrect time is a common cause of this error.




--------------------​--------------------​--------------------​---------
To unsubscribe, e-mail: users-unsubscribe@cu​rrent.tigris.org
For additional commands, e-mail: users-help at current dot tigris dot org
Messages per page: