The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.

1.7.2 osa-dispatcher Reports a Certificate Verification Failure

If the osa-dispatcher service does not start, you might see an error similar to the following if you attempt to start the service manually with the service osa-dispatcher start command (for Oracle Linux 6) or the systemctl start osa-dispatcher command (for Oracle Linux 7): 

Starting osa-dispatcher: Spacewalk 10611 2015/05/26 17:11:22 +01:00: ('Traceback caught:',)
Spacewalk 10611 2015/05/26 17:11:22 +01:00: ('Traceback (most recent call last):\n  
    File "/usr/share/rhn/osad/jabber_lib.py", line 631, in connect\n    
    ssl.do_handshake()\nError: [(\'SSL routines\', \'SSL3_GET_SERVER_CERTIFICATE\', 
    \'certificate verify failed\')]\n',)
                                                          [FAILED]

This error usually indicates that the system's host name does not match its FQDN in DNS, or that you specified an incorrect FQDN as the name of the Organization Unit when you installed Spacewalk.

To regenerate the SSL certificate, you can use the spacewalk-hostname-rename command, which is available in the spacewalk-utils package.

Note

If the host name has changed, spacewalk-hostname-rename prompts you to enter the same certificate password as you used when you created the existing certificate. To verify that you know the correct password before running spacewalk-hostname-rename, use the following command, which returns the base64-encoded private key if the password is correct and an unable to load Private Key error otherwise: 

# openssl rsa -in /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY 
Enter pass phrase for /root/ssl-build/RHN-ORG-PRIVATE-SSL-KEY: cert_passwd
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvYQ/Enqo+T3WByuXiOQCpIh7eBFdqWt/e+cm3pfvGYBqi/1g
...
+rEs1ZK2mCoofnPzg2o097oPj5v4IHYh8Bmlssbk9BHvQ2ZQckSA
-----END RSA PRIVATE KEY-----

Run spacewalk-hostname-rename, specifying the IP address and FQDN of the server as arguments to the command, for example: 

# /usr/sbin/spacewalk-hostname-rename IP_address --ssl-orgunit=FQDN

After regenerating the SSL certificate, stop the jabberd and osa-dispatcher services, clear the jabberd database, and restart the jabberd and osa-dispatcher services.

For Oracle Linux 6, enter: 

# service jabberd stop
# service osa-dispatcher stop
# rm -Rf /var/lib/jabberd/db/*
# service jabberd start
# service osa-dispatcher start

For Oracle Linux 7, enter: 

# systemctl stop jabberd
# systemctl stop osa-dispatcher
# rm -Rf /var/lib/jabberd/db/*
# systemctl start jabberd
# systemctl start osa-dispatcher

On every client registered to the server, verify that the value of serverURL in /etc/sysconfig/rhn/up2date is configured with the correct server host name or IP value, for example: 

serverURL=https://swksvr.mydom.com/XMLRPC

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. Legal Notices