
Thread: SSL Cert not installed correctly anymore on SuMa clients

  1. #1

    SSL Cert not installed correctly anymore on SuMa clients

    We've got an RPM with the SUSE Manager SSL certificate, "rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm".
    This rpm contains one file named "/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CER".

    The latest bootstrap script does not install this certificate correctly anymore.

    What is missing? This:

    Code:
    ln -s /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem
    update-ca-certificates

    Inside the bootstrap script I can see this comment:

    # symlink & update certificates is already done in rpm post-install script
    # no need to be done again if we have installed rpm

    But this is not true for us. The rpm has no rpm post-install script.
    Maybe because it was created in 2016 with an older version of SuMa?

    How can I recreate the rpm with a post-install script?

  2. Re: SSL Cert not installed correctly anymore on SuMa clients

    I think you are on the right track. The ways to configure a CA certificate on different OSes and OS versions have become more and more complex over the years.
    If you want to generate a new RPM with the current post script, call these commands:

    Code:
    $> rhn-ssl-tool --gen-ca --rpm-only --dir="/root/ssl-build"
    $> /usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \
        --target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/

  3. #3

    Re: SSL Cert not installed correctly anymore on SuMa clients

    Originally posted by mcalmer:
    I think you are on the right track. The ways to configure a CA certificate on different OSes and OS versions have become more and more complex over the years.
    If you want to generate a new RPM with the current post script, call these commands:

    Code:
    $> rhn-ssl-tool --gen-ca --rpm-only --dir="/root/ssl-build"
    $> /usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \
        --target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/

    Thank you very much. That worked perfectly.
    The first command just created the rpm with the existing certificate and nothing else - that's exactly what I wanted.
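
A client-side check for the two conditions this thread turns on, added here as an example and not part of any post or of SUSE Manager itself: whether the installed certificate package carries a post-install scriptlet that refreshes the trust store, and whether the certificate is actually present in the trust anchor directory. Paths and the package name are taken from the thread; the function names and the `--check` switch are hypothetical, and it is an assumption that the regenerated package's scriptlet calls `update-ca-certificates`.

```shell
#!/bin/sh
# Added example: paths are from the thread, function names are hypothetical.
CERT=${CERT:-/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT}
ANCHORS=${ANCHORS:-/etc/pki/trust/anchors}

# Reads `rpm -q --scripts <pkg>` output on stdin. Succeeds only if a
# postinstall scriptlet exists and it calls update-ca-certificates
# (assumed to be what the current post script does).
has_post_trust_hook() {
    awk '
        /^postinstall (scriptlet|program)/ { inpost = 1; next }
        /^(pre|post)(install|uninstall|trans) (scriptlet|program)/ { inpost = 0 }
        inpost && /update-ca-certificates/ { found = 1 }
        END { exit !found }
    '
}

# Succeeds if some regular file (or symlink resolving to one) in the anchor
# directory has the same content as the certificate. Dangling links are skipped.
anchor_installed() {
    cert=$1; dir=$2
    [ -r "$cert" ] || return 2          # certificate file itself is missing
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        cmp -s "$cert" "$f" && return 0
    done
    return 1
}

# Runs both checks for one package and reports what is missing.
check_client() {
    pkg=$1; rc=0
    if command -v rpm >/dev/null 2>&1 && rpm -q "$pkg" >/dev/null 2>&1; then
        rpm -q --scripts "$pkg" | has_post_trust_hook ||
            { echo "$pkg: no post-install trust-store hook"; rc=1; }
    fi
    anchor_installed "$CERT" "$ANCHORS" ||
        { echo "$CERT is not present in $ANCHORS"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--check" ]; then
    check_client "${2:-rhn-org-trusted-ssl-cert}"
fi
```

Run it on a client with `--check`; a non-zero exit means the package still needs the manual symlink and `update-ca-certificates` step from the first post, or the regenerated RPM.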
