PDA

View Full Version : Client Registration SSL verification issue



jstone4646
14-Jan-2015, 19:12
Hi all,

I am experiencing an issue when attempting to register my client with my SUSE Manager Server. (this is my first time utilizing suse manager)

Everything seems to go fine as I progress through the suse manager installation documentation and I have edited my bootstrap.sh accordingly. When I run curl -Sks https://*server-name*/pub/bootstrap/*my-edited-bootstrap-file*.sh | /bin/bash everything appears to run fine until the Registration portion and I get the following error:



REGISTRATION
-----------------
* registering
An error has occurred:
The SSL certificate failed verification.
See /var/log/up2date for more information

*** Error: Registering the system failed.


When I look at the log the only thing pertaining to the SSL error is:


File "usr/lib64/python2.6/site-packages/rhn/SSL.py", line 230, in write
sent = self._connection.send(data)
<class 'up2date_client.up2dateErrors.SSLCertificateVerify FailedError'>: The SSL certificate failed verification.


Any help would be appreciated as I have been spinning on this for a couple of hours. I am sure it is something simple I am overlooking.

malcolmlewis
14-Jan-2015, 20:35
On Wed 14 Jan 2015 06:14:01 PM CST, jstone4646 wrote:


Hi all,

I am experiencing an issue when attempting to register my client with my
SUSE Manager Server. (this is my first time utilizing suse manager)

Everything seems to go fine as I progress through the suse manager
installation documentation and I have edited my bootstrap.sh
accordingly. When I run curl -Sks
https://*server-name*/pub/bootstrap/*my-edited-bootstrap-file*.sh |
/bin/bash everything appears to run fine until the Registration portion
and I get the following error:



REGISTRATION
-----------------
* registering
An error has occurred:
The SSL certificate failed verification.
See /var/log/up2date for more information

*** Error: Registering the system failed.


When I look at the log the only thing pertaining to the SSL error is:


File "usr/lib64/python2.6/site-packages/rhn/SSL.py", line 230, in write
sent = self._connection.send(data)
<class 'up2date_client.up2dateErrors.SSLCertificateVerify FailedError'>:
The SSL certificate failed verification.


Any help would be appreciated as I have been spinning on this for a
couple of hours. I am sure it is something simple I am overlooking.




Hi
Is the SUSE Manager instance all up to date with patches etc?

And what system is the client your trying to register?

--
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!

jstone4646
15-Jan-2015, 04:16
Yes the client and server are both fully updated. The client is SLES 11 SP3 and the manager server is a trial version 2.1 (update to 3.0 I think it said once all the patches were applied)

malcolmlewis
15-Jan-2015, 05:34
On Thu 15 Jan 2015 03:24:02 AM CST, jstone4646 wrote:


Yes the client and server are both fully updated. The client is SLES 11
SP3 and the manager server is a trial version 2.1 (update to 3.0 I think
it said once all the patches were applied)




Hi
You haven't changed the SUSE Manager hostname or the like since the
install? This would cause a mis match of the CA cert.

--
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!

jstone4646
15-Jan-2015, 13:19
No I have not changed the hostname of the manager, and I need to add this is all on Vsphere. The client and server are full virtual if that makes a difference.

jstone4646
15-Jan-2015, 13:34
Hi
You haven't changed the SUSE Manager hostname or the like since the
install? This would cause a mis match of the CA cert.

--
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!

Hi Malcolmlewis,

I wanted to say thank you for your help and that I was able to find a resolution. I had to run an install "zypper install python-curl" and that ended up fixing the issue. I guess the default version of curl was making a good SSL cert seem as though it was bad upon import. Thanks again for your help!

jmozdzen
15-Jan-2015, 13:45
Hi jstone4646,

Hi Malcolmlewis,

I wanted to say thank you for your help and that I was able to find a resolution. I had to run an install "zypper install python-curl" and that ended up fixing the issue. I guess the default version of curl was making a good SSL cert seem as though it was bad upon import. Thanks again for your help!

thank you for reporting back your findings, so that others in the same situation can find this piece of information.

Do you have any indication that the package was missing because of some prior installation error? Else I'd call this a bug, since a required package was missing. OTOH, your report is the first one that I've come across and I would have expected a lot more users asking for help if this was a general dependency problem...

Regards,
Jens

malcolmlewis
15-Jan-2015, 14:22
On Thu 15 Jan 2015 12:44:02 PM CST, jstone4646 wrote:


malcolmlewis;25823 Wrote:
> Hi
> You haven't changed the SUSE Manager hostname or the like since the
> install? This would cause a mis match of the CA cert.
>
> --
> Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter
> #276890)
> SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
> If you find this post helpful and are logged into the web interface,
> please show your appreciation and click on the star below... Thanks!

Hi Malcolmlewis,

I wanted to say thank you for your help and that I was able to find a
resolution. I had to run an install "zypper install python-curl" and
that ended up fixing the issue. I guess the default version of curl was
making a good SSL cert seem as though it was bad upon import. Thanks
again for your help!




Hi
Interesting, thought it may have been this sort of issue;
https://www.suse.com/support/kb/doc.php?id=7005356

If it happens on a future registration I imagine copying the updated
python-pycurl rpm
into /srv/www/htdocs/pub/repositories/susemanager-client-setup and it's
relevant arch. Then run createrepo . in the susemanager-client-setup
directory to rebuild the data.

--
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!

jstone4646
15-Jan-2015, 17:31
Hi jstone4646,


thank you for reporting back your findings, so that others in the same situation can find this piece of information.

Do you have any indication that the package was missing because of some prior installation error? Else I'd call this a bug, since a required package was missing. OTOH, your report is the first one that I've come across and I would have expected a lot more users asking for help if this was a general dependency problem...

Regards,
Jens

Jmozdzen,

I am thinking I would call this a bug as well, I freshly installed another SLES 11 SP3 server this morning to make it a client to my SUSE Manager. I zypped the server up and made sure my repos were good, verified my bootstrap.sh was in order, /etc/hosts was good, etc...then I went to register and I got the same indication as before. I ran another zypper install python-curl and again that resolved the issue on this SLES box as well.

More specifics in case this is relevant my setup is as follows:

Everything is virtual utilizing 1 VSphere host Dell 710
SUSE Manager 2.1 (trial version) fully patched
client 1: SLES 11 SP3 fully patched (had to run zypper python-curl to register)
client 2: SLES 11 SP3 fully patched and installed this morning (had to run zypper python-curl to register)
clients 3 and 4: red hat 6 fully patched (registered without issue)
clients 5 and 6: CentOS 7 fully patched (have not registered yet)

jmozdzen
15-Jan-2015, 17:47
Hi jstone4646,

Jmozdzen,

I am thinking I would call this a bug as well [...]

Can you open a SR for this, which would make sure it gets handled properly?

Regards,
Jens

bmaryniuk
04-Mar-2015, 15:58
jstone4646,

You said you were using "python-curl" in SLES 11 SP3:



client 1: SLES 11 SP3 fully patched (had to run zypper python-curl to register)
client 2: SLES 11 SP3 fully patched and installed this morning (had to run zypper python-curl to register)


Where did you get it from?

malcolmlewis
04-Mar-2015, 16:20
On Wed 04 Mar 2015 03:04:01 PM CST, bmaryniuk wrote:


jstone4646,

You said you were using "python-curl" in SLES 11 SP3:

jstone4646;25839 Wrote:
>
> client 1: SLES 11 SP3 fully patched (had to run zypper python-curl to
> register)
> client 2: SLES 11 SP3 fully patched and installed this morning (had to
> run zypper python-curl to register)
>

Where did you get it from?




Hi
It should be on the install medium, when running the bootstrap script
on the machine your registering it get's some files from the SUSE
Manager bootstrap repository and the rest from the install medium.

--
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.36-38-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!

jmozdzen
04-Mar-2015, 17:13
Hi bmaryniuk,

> You said you were using "python-curl" in SLES 11 SP3:
> Where did you get it from?

while I'm not jstone4646 and thus cannot say where his/her RPM is from, I see it in the standard SLES11SP3 repositories:

S | Name | Type | Version | Arch | Repository
--+-----------------+---------+----------------+--------+-------------------
| python-curl | package | 7.19.0-5.2.1.2 | x86_64 | SLES11-SP3-Pool
| python-curl-doc | package | 7.19.0-5.2.1.2 | x86_64 | SLE11-SDK-SP3-Pool

Regards,
Jens