uyuni
uyuni copied to clipboard
Root CA not send it to clients
Problem description
I used Uyuni with self-signed certs at this point. now today i update it with signed-certificate this command:
mgr-ssl-cert-setup --root-ca-file=my_company_root_ca.pem --server-cert-file=cert.pem --server-key-file=key.pem
After restart uyuni service and postgresql.
Run all salt clients the Highstate. it send it to clients the new "RHN-ORG-TRUSTED-SSL-CERT"
But if i try to run a zypper ref
i get curl 60 certificate error. i check on client side the /etc/pki/trust/anchors folder, but it only contain the "RHN-ORG-TRUSTED-SSL-CERT" but not my company root CA.
my workaround:
Copy my company root CA to /etc/pki/trust/anchors and run update-ca-certificates
command. It solve the probem, but if not possible to do this, without do the same all my clients?
Steps to reproduce
- update certificate (set/change root ca)
- Highstate clients
- run zypper ref
Uyuni version
Information for package Uyuni-Server-release:
---------------------------------------------
Repository : Uyuni Server Stable
Name : Uyuni-Server-release
Version : 2024.01-230900.212.1.uyuni3
Arch : x86_64
Vendor : obs://build.opensuse.org/systemsmanagement:Uyuni
Support Level : Level 3
Installed Size : 1.4 KiB
Installed : Yes
Status : up-to-date
Source package : Uyuni-Server-release-2024.01-230900.212.1.uyuni3.src
Summary : Uyuni Server
Description :
Uyuni lets you efficiently manage physical, virtual,
and cloud-based Linux systems. It provides automated and cost-effective
configuration and software management, asset management, and system
provisioning.
Uyuni proxy version (if used)
No response
Useful logs
No response
Additional information
No response
Please try to upgrade to uyuni 2024.02. There was a security update for salt, which broke something. The update may fix also your problem.
Seems to be stale, please feel free to reopen if the problem reappears :smiley: