Error in Updating servers on Uyuni Configuration Tool on Opensuse 15.4

[Zayan1221]

mgrcompat_|-sync_states_|-saltutil.sync_states_|-module_run:
name: saltutil.sync_states
changes:
ret: [
]
comment: Module function saltutil.sync_states executed
result: true
sls: util.syncstates
run_num: 0.0
start_time: '15:12:49.995622'
duration: 322.357
id: sync_states
pkg_|-mgr_absent_ca_package_|-rhn-org-trusted-ssl-cert_|-removed:
name: rhn-org-trusted-ssl-cert
changes: {
}
result: true
comment: All specified packages are already absent
sls: certs
run_num: 1.0
start_time: '15:12:52.654975'
duration: 49.629
id: mgr_absent_ca_package
file_|-mgr_ca_cert_|-/etc/pki/ca-trust/source/anchors/RHN-ORG-TRUSTED-SSL-CERT_|-managed:
changes: {
}
comment: File /etc/pki/ca-trust/source/anchors/RHN-ORG-TRUSTED-SSL-CERT is in the correct state
name: /etc/pki/ca-trust/source/anchors/RHN-ORG-TRUSTED-SSL-CERT
result: true
sls: certs
run_num: 2.0
start_time: '15:12:52.711937'
duration: 144.951
id: mgr_ca_cert
cmd_|-update-ca-certificates_|-/usr/bin/update-ca-trust extract_|-run:
changes: {
}
result: true
duration: 0.005
start_time: '15:12:52.858807'
comment: State was not run because none of the onchanges reqs changed
state_ran: false
run_num: 3.0
sls: certs
file_|-mgr_proxy_ca_cert_symlink_|-/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT_|-symlink:
result: true
name: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
changes: {
}
comment: onlyif condition is false
skip_watch: true
sls: certs
run_num: 4.0
start_time: '15:12:52.858943'
duration: 1466.991
id: mgr_proxy_ca_cert_symlink
file_|-mgrchannels_susemanagerplugin_yum_|-/usr/share/yum-plugins/susemanagerplugin.py_|-managed:
changes: {
}
comment: File /usr/share/yum-plugins/susemanagerplugin.py is in the correct state
name: /usr/share/yum-plugins/susemanagerplugin.py
result: true
sls: channels
run_num: 5.0
start_time: '15:12:54.326623'
duration: 70.674
id: mgrchannels_susemanagerplugin_yum
file_|-mgrchannels_susemanagerplugin_conf_yum_|-/etc/yum/pluginconf.d/susemanagerplugin.conf_|-managed:
changes: {
}
comment: File /etc/yum/pluginconf.d/susemanagerplugin.conf is in the correct state
name: /etc/yum/pluginconf.d/susemanagerplugin.conf
result: true
sls: channels
run_num: 6.0
start_time: '15:12:54.397604'
duration: 67.093
id: mgrchannels_susemanagerplugin_conf_yum
file_|-mgrchannels_enable_yum_plugins_|-/etc/yum.conf_|-replace:
result: true
name: /etc/yum.conf
changes: {
}
comment: onlyif condition is false
skip_watch: true
sls: channels
run_num: 7.0
start_time: '15:12:54.465020'
duration: 36.734
id: mgrchannels_enable_yum_plugins
file_|-mgrchannels_repo_|-/etc/yum.repos.d/susemanager:channels.repo_|-managed:
changes: {
}
comment: File /etc/yum.repos.d/susemanager:channels.repo is in the correct state
name: /etc/yum.repos.d/susemanager:channels.repo
result: true
sls: channels
run_num: 8.0
start_time: '15:12:54.503882'
duration: 114.002
id: mgrchannels_repo
cmd_|-mgrchannels_yum_clean_all_|-/usr/bin/yum clean all_|-run:
changes: {
}
result: true
duration: 0.005
start_time: '15:12:54.618710'
comment: State was not run because none of the onchanges reqs changed
state_ran: false
run_num: 9.0
sls: channels
cmd_|-trust_res_gpg_key_|-rpm --import https://uyunisuse.nmerit.net:443/pub/res-gpg-pubkey-0182b964.key_|-run:
name: rpm --import https://uyunisuse.nmerit.net:443/pub/res-gpg-pubkey-0182b964.key
changes:
pid: 3334.0
retcode: 1.0
stdout: ''
stderr: |-
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
error: https://uyunisuse.nmerit.net:443/pub/res-gpg-pubkey-0182b964.key: import read failed(2).
result: false
comment: Command "rpm --import https://uyunisuse.nmerit.net:443/pub/res-gpg-pubkey-0182b964.key" run
sls: channels
run_num: 10.0
start_time: '15:12:54.618849'
duration: 498.493
id: trust_res_gpg_key
? cmd_|-trust_suse_manager_tools_rhel_gpg_key_|-rpm --import https://uyunisuse.nmerit.net:443/pub/sle12-gpg-pubkey-39db7c82.key_|-run
: name: rpm --import https://uyunisuse.nmerit.net:443/pub/sle12-gpg-pubkey-39db7c82.key
changes:
pid: 3375.0
retcode: 1.0
stdout: ''
stderr: |-
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
error: https://uyunisuse.nmerit.net:443/pub/sle12-gpg-pubkey-39db7c82.key: import read failed(2).
result: false
comment: Command "rpm --import https://uyunisuse.nmerit.net:443/pub/sle12-gpg-pubkey-39db7c82.key" run
sls: channels
run_num: 11.0
start_time: '15:12:55.118011'
duration: 510.133
id: trust_suse_manager_tools_rhel_gpg_key
pkg_|-pkg_installed_|-pkg_installed_|-installed:
name: pkg_installed
result: false
changes: {
}
comment: "Error occurred installing package(s). Additional info follows:\n\nerrors:\n - Running scope as unit run-3387.scope.\n Loaded plugins:
\ fastestmirror, langpacks, susemanagerplugin\n Loading mirror speeds from cached hostfile\n https://uyunisuse.nmerit.net:443/rhn/manager/download/centos7-uyuni-client-x86_64/repodata/repomd.xml:\
\ [Errno 14] curl#51 - "Unable to communicate securely with peer: requested domain name does not match the server's certificate."\n Trying
\ other mirror.\n \n \n One of the configured repositories failed (Uyuni Client Tools for CentOS 7 (x86_64)),\n and yum doesn't
\ have enough cached data to continue. At this point the only\n safe thing yum can do is fail. There are a few ways to work "fix" this:\n
\ \n 1. Contact the upstream for the repository and get them to fix the problem.\n \n 2. Reconfigure the baseurl/etc.
\ for the repository, to point to a working\n upstream. This is most often useful if you are using a newer\n distribution
\ release than is supported by the repository (and the\n packages for the previous distribution release still work).\n \n
\ 3. Run the command with the repository temporarily disabled\n yum --disablerepo=susemanager:centos7-uyuni-client-x86_64
\ ...\n \n 4. Disable the repository permanently, so yum won't use it by default. Yum\n will then just ignore the repository
\ until you permanently enable it\n again or use --enablerepo for temporary usage:\n \n yum-config-manager --disable
\ susemanager:centos7-uyuni-client-x86_64\n or\n subscription-manager repos --disable=susemanager:centos7-uyuni-client-x86_64\n
\ \n 5. Configure the failing repository to be skipped, if it is unavailable.\n Note that yum will try to contact the
\ repo. when it runs most commands,\n so will have to try and fail each time (and thus. yum will be be much\n slower).
\ If it is a very temporary problem though, this is often a nice\n compromise:\n \n yum-config-manager --save
\ --setopt=susemanager:centos7-uyuni-client-x86_64.skip_if_unavailable=true\n \n failure: repodata/repomd.xml from susemanager:centos7-uyuni-client-x86_64:
\ [Errno 256] No more mirrors to try.\n https://uyunisuse.nmerit.net:443/rhn/manager/download/centos7-uyuni-client-x86_64/repodata/repomd.xml:\
\ [Errno 14] curl#51 - "Unable to communicate securely with peer: requested domain name does not match the server's certificate.""
sls: packages.pkginstall
run_num: 12.0
start_time: '15:12:55.664525'
duration: 5651.433
id: pkg_installed

[mcalmer]

curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
error: [https://uyunisuse.nmerit.net:443/pub/res-gpg-pubkey-0182b964.key](https://uyunisuse.nmerit.net/pub/res-gpg-pubkey-0182b964.key): import read failed(2).

Seems your server certificate does not identify you server with the name uyunisuse.nmerit.net.
Check your certificate with

$> openssl x509 -text -in /etc/pki/tls/certs/spacewalk.crt

Have a look at Subject Alternative Name if your name is listed.
If not, you need to generate a new with the right name and deploy it on the server.

[Zayan1221]

Thanks for the reply: I see this information in this File:

[root@spacewalk certs]# cat /etc/pki/tls/certs/spacewalk.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b2:e7:ad:b1:1a:1b:c8:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=IL, L=Evanston, O=NMSC, OU=spacewalk.nmerit.net, CN=spacewalk.nmerit.net
Validity
Not Before: Mar 5 15:08:52 2018 GMT
Not After : Mar 7 15:08:53 2036 GMT
Subject: C=US, ST=IL, O=NMSC, OU=spacewalk.nmerit.net, CN=spacewalk.nmerit.net/emailAddress=[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e2:8e:25:18:a7:b6:35:7a:1e:a4:5e:2b:08:6e:
27:3d:74:75:33:c9:77:29:02:48:8f:22:a3:75:a3:
cc:58:bd:03:3d:15:f6:ea:96:9b:2e:50:ba:72:f2:
f7:c5:cc:f7:5c:c4:b4:f6:1f:a8:c6:ce:b9:94:9c:
9e:b2:13:8c:3d:d7:3d:d7:95:3a:73:e4:88:48:31:
14:78:dc:98:41:fe:b6:b6:8b:a4:b3:be:cf:f4:6f:
02:1f:c7:fa:73:65:32:41:79:5e:29:3f:06:31:a9:
af:9e:8f:b7:bc:89:c2:9c:13:82:2c:d3:cf:2b:25:
1c:41:4e:a8:32:67:d2:a7:ef:dd:c2:f2:12:cd:09:
17:a7:cd:07:f3:f6:9a:73:06:5a:42:b3:b3:67:9f:
8d:32:91:65:bf:ac:89:49:07:98:4b:08:11:1a:81:
39:88:be:f1:e5:1d:9e:ea:af:bc:04:aa:a7:8c:2c:
17:33:03:7c:96:78:6c:c1:12:0f:dd:a7:09:6e:73:
05:45:8c:d9:fd:ab:48:6f:ee:08:59:bd:25:a3:ba:
96:30:54:3a:11:b4:54:88:a7:db:d9:81:d0:d0:1c:
b2:0d:5e:00:05:9a:ef:80:dc:71:37:e8:fc:ce:43:
69:74:7b:04:da:a5:90:48:e6:d3:6f:62:df:14:75:
a7:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Netscape Cert Type:
SSL Server
Netscape Comment:
RHN SSL Tool Generated Certificate
X509v3 Subject Key Identifier:
F9:E7:97:E2:02:BD:6A:31:48:16:AC:1C:13:4C:ED:B1:AE:F2:A2:82
X509v3 Authority Key Identifier:
keyid:38:7B:38:02:8F:BF:F0:A1:0D:C7:1C:4B:2C:4D:19:80:DD:9C:B5:93
DirName:/C=US/ST=IL/L=Evanston/O=NMSC/OU=spacewalk.nmerit.net/CN=spacewalk.nmerit.net
serial:B2:E7:AD:B1:1A:1B:C8:C3

        X509v3 Subject Alternative Name:
            DNS:spacewalk.nmerit.net
Signature Algorithm: sha256WithRSAEncryption
     4f:23:4f:2b:8c:59:03:12:f4:f0:ce:84:5a:75:2b:71:7c:1b:
     23:c4:50:9c:cc:5e:3f:02:30:8b:29:ee:42:97:e3:ab:69:0d:
     de:54:35:de:ad:8f:42:26:99:3c:42:e7:0a:04:61:4a:46:34:
     06:cd:12:e0:50:14:bf:2d:17:00:75:c8:4f:30:c0:55:a8:e1:
     e7:d9:7e:56:b8:31:e5:bf:40:b7:58:f9:11:79:dc:2f:28:68:
     43:94:37:b9:7a:dc:bf:33:de:da:5f:e0:31:4c:20:f3:97:02:
     62:75:e6:9b:7b:23:da:79:e7:43:46:24:8e:8f:d1:ee:58:67:
     b4:7b:e8:50:2b:d4:4b:9e:17:24:24:96:56:a4:34:22:dd:24:
     e3:c0:34:d8:77:bd:89:56:e1:6d:2a:a5:3e:47:b8:96:d4:d0:
     9e:93:e5:d1:5a:0f:cd:b9:ab:0f:b0:df:81:97:aa:82:7f:0b:
     ff:ea:50:b6:8d:85:25:9c:60:65:b6:89:7c:2b:63:9f:08:dd:
     8b:a4:4d:5a:80:94:09:0f:d3:58:d9:f8:23:8f:93:8c:97:fd:
     94:7c:c3:d3:1e:77:92:11:8d:1e:49:a1:50:0e:27:56:62:58:
     67:76:51:26:02:4f:d1:a5:51:2a:35:ba:a2:b9:23:59:f3:d0:
     97:42:a6:59

-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIJALLnrbEaG8jEMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJJTDERMA8GA1UEBwwIRXZhbnN0b24xDTALBgNVBAoM
BE5NU0MxHTAbBgNVBAsMFHNwYWNld2Fsay5ubWVyaXQubmV0MR0wGwYDVQQDDBRz
cGFjZXdhbGsubm1lcml0Lm5ldDAeFw0xODAzMDUxNTA4NTJaFw0zNjAzMDcxNTA4
NTNaMIGNMQswCQYDVQQGEwJVUzELMAkGA1UECAwCSUwxDTALBgNVBAoMBE5NU0Mx
HTAbBgNVBAsMFHNwYWNld2Fsay5ubWVyaXQubmV0MR0wGwYDVQQDDBRzcGFjZXdh
bGsubm1lcml0Lm5ldDEkMCIGCSqGSIb3DQEJARYVZWRtYXR0aGV3c0BubWVyaXQu
bmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4o4lGKe2NXoepF4r
CG4nPXR1M8l3KQJIjyKjdaPMWL0DPRX26pabLlC6cvL3xcz3XMS09h+oxs65lJye
shOMPdc915U6c+SISDEUeNyYQf62touks77P9G8CH8f6c2UyQXleKT8GMamvno+3
vInCnBOCLNPPKyUcQU6oMmfSp+/dwvISzQkXp80H8/aacwZaQrOzZ5+NMpFlv6yJ
SQeYSwgRGoE5iL7x5R2e6q+8BKqnjCwXMwN8lnhswRIP3acJbnMFRYzZ/atIb+4I
Wb0lo7qWMFQ6EbRUiKfb2YHQ0ByyDV4ABZrvgNxxN+j8zkNpdHsE2qWQSObTb2Lf
FHWnCwIDAQABo4IBcDCCAWwwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEGCWCGSAGG+EIBAQQEAwIGQDAxBglg
hkgBhvhCAQ0EJBYiUkhOIFNTTCBUb29sIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
BgNVHQ4EFgQU+eeX4gK9ajFIFqwcE0ztsa7yooIwgawGA1UdIwSBpDCBoYAUOHs4
Ao+/8KENxxxLLE0ZgN2ctZOhfqR8MHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJJ
TDERMA8GA1UEBwwIRXZhbnN0b24xDTALBgNVBAoMBE5NU0MxHTAbBgNVBAsMFHNw
YWNld2Fsay5ubWVyaXQubmV0MR0wGwYDVQQDDBRzcGFjZXdhbGsubm1lcml0Lm5l
dIIJALLnrbEaG8jDMB8GA1UdEQQYMBaCFHNwYWNld2Fsay5ubWVyaXQubmV0MA0G
CSqGSIb3DQEBCwUAA4IBAQBPI08rjFkDEvTwzoRadStxfBsjxFCczF4/AjCLKe5C
l+OraQ3eVDXerY9CJpk8QucKBGFKRjQGzRLgUBS/LRcAdchPMMBVqOHn2X5WuDHl
v0C3WPkRedwvKGhDlDe5ety/M97aX+AxTCDzlwJideabeyPaeedDRiSOj9HuWGe0
e+hQK9RLnhckJJZWpDQi3STjwDTYd72JVuFtKqU+R7iW1NCek+XRWg/NuasPsN+B
l6qCfwv/6lC2jYUlnGBltol8K2OfCN2LpE1agJQJD9NY2fgjj5OMl/2UfMPTHneS
EY0eSaFQDidWYlhndlEmAk/RpVEqNbqiuSNZ89CXQqZZ
-----END CERTIFICATE-----
[root@spacewalk certs]#

[mcalmer]

uyunisuse.nmerit.net is not the same as spacewalk.nmerit.net.
That certificate is not for that server.

[Zayan1221]

So should I change uyunisuse.nmerit.net which is Uyuni master server name with the client name which is spacewalk.nmerit.net and then save the file and run systemctl restart ??

[Zayan1221]

I see this currently:

X509v3 Subject Alternative Name:
DNS:spacewalk.nmerit.net

what should be the DNS: ?
Either uyunisuse.nmerit.net OR spacewalk.nmerit.net

[Zayan1221]

I have changed the DNS name from spacewalk.nmerit.net to uyunisuse.nmerit.net and try to patch/run the updates and see this error now:

mgrcompat_|-sync_states_|-saltutil.sync_states_|-module_run:
name: saltutil.sync_states
changes:
ret: [
]
comment: Module function saltutil.sync_states executed
result: true
sls: util.syncstates
run_num: 0.0
start_time: '11:00:54.612519'
duration: 244.111
id: sync_states
pkg_|-mgr_absent_ca_package_|-rhn-org-trusted-ssl-cert_|-removed:
name: rhn-org-trusted-ssl-cert
changes: {
}
result: true
comment: All specified packages are already absent
sls: certs
run_num: 1.0
start_time: '11:00:57.991888'
duration: 44.42
id: mgr_absent_ca_package
file_|-mgr_ca_cert_|-/etc/pki/ca-trust/source/anchors/RHN-ORG-TRUSTED-SSL-CERT_|-managed:
changes: {
}
comment: File /etc/pki/ca-trust/source/anchors/RHN-ORG-TRUSTED-SSL-CERT is in the correct state
name: /etc/pki/ca-trust/source/anchors/RHN-ORG-TRUSTED-SSL-CERT
result: true
sls: certs
run_num: 2.0
start_time: '11:00:58.038960'
duration: 93.565
id: mgr_ca_cert
cmd_|-update-ca-certificates_|-/usr/bin/update-ca-trust extract_|-run:
changes: {
}
result: true
duration: 0.004
start_time: '11:00:58.134255'
comment: State was not run because none of the onchanges reqs changed
state_ran: false
run_num: 3.0
sls: certs
file_|-mgr_proxy_ca_cert_symlink_|-/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT_|-symlink:
result: true
name: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
changes: {
}
comment: onlyif condition is false
skip_watch: true
sls: certs
run_num: 4.0
start_time: '11:00:58.134381'
duration: 1068.231
id: mgr_proxy_ca_cert_symlink
file_|-mgrchannels_susemanagerplugin_yum_|-/usr/share/yum-plugins/susemanagerplugin.py_|-managed:
changes: {
}
comment: File /usr/share/yum-plugins/susemanagerplugin.py is in the correct state
name: /usr/share/yum-plugins/susemanagerplugin.py
result: true
sls: channels
run_num: 5.0
start_time: '11:00:59.203239'
duration: 68.755
id: mgrchannels_susemanagerplugin_yum
file_|-mgrchannels_susemanagerplugin_conf_yum_|-/etc/yum/pluginconf.d/susemanagerplugin.conf_|-managed:
changes: {
}
comment: File /etc/yum/pluginconf.d/susemanagerplugin.conf is in the correct state
name: /etc/yum/pluginconf.d/susemanagerplugin.conf
result: true
sls: channels
run_num: 6.0
start_time: '11:00:59.272258'
duration: 64.021
id: mgrchannels_susemanagerplugin_conf_yum
file_|-mgrchannels_enable_yum_plugins_|-/etc/yum.conf_|-replace:
result: true
name: /etc/yum.conf
changes: {
}
comment: onlyif condition is false
skip_watch: true
sls: channels
run_num: 7.0
start_time: '11:00:59.336546'
duration: 36.073
id: mgrchannels_enable_yum_plugins
file_|-mgrchannels_repo_|-/etc/yum.repos.d/susemanager:channels.repo_|-managed:
changes: {
}
comment: File /etc/yum.repos.d/susemanager:channels.repo is in the correct state
name: /etc/yum.repos.d/susemanager:channels.repo
result: true
sls: channels
run_num: 8.0
start_time: '11:00:59.374739'
duration: 112.902
id: mgrchannels_repo
cmd_|-mgrchannels_yum_clean_all_|-/usr/bin/yum clean all_|-run:
changes: {
}
result: true
duration: 0.004
start_time: '11:00:59.488528'
comment: State was not run because none of the onchanges reqs changed
state_ran: false
run_num: 9.0
sls: channels
cmd_|-trust_res_gpg_key_|-rpm --import https://uyunisuse.nmerit.net:443/pub/res-gpg-pubkey-0182b964.key_|-run:
name: rpm --import https://uyunisuse.nmerit.net:443/pub/res-gpg-pubkey-0182b964.key
changes:
pid: 4969.0
retcode: 1.0
stdout: ''
stderr: |-
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
error: https://uyunisuse.nmerit.net:443/pub/res-gpg-pubkey-0182b964.key: import read failed(2).
result: false
comment: Command "rpm --import https://uyunisuse.nmerit.net:443/pub/res-gpg-pubkey-0182b964.key" run
sls: channels
run_num: 10.0
start_time: '11:00:59.488652'
duration: 553.734
id: trust_res_gpg_key
? cmd_|-trust_suse_manager_tools_rhel_gpg_key_|-rpm --import https://uyunisuse.nmerit.net:443/pub/sle12-gpg-pubkey-39db7c82.key_|-run
: name: rpm --import https://uyunisuse.nmerit.net:443/pub/sle12-gpg-pubkey-39db7c82.key
changes:
pid: 5020.0
retcode: 1.0
stdout: ''
stderr: |-
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
error: https://uyunisuse.nmerit.net:443/pub/sle12-gpg-pubkey-39db7c82.key: import read failed(2).
result: false
comment: Command "rpm --import https://uyunisuse.nmerit.net:443/pub/sle12-gpg-pubkey-39db7c82.key" run
sls: channels
run_num: 11.0
start_time: '11:01:00.043016'
duration: 587.196
id: trust_suse_manager_tools_rhel_gpg_key
pkg_|-pkg_installed_|-pkg_installed_|-installed:
name: pkg_installed
result: false
changes: {
}
comment: "Error occurred installing package(s). Additional info follows:\n\nerrors:\n - Running scope as unit run-5105.scope.\n Loaded plugins:
\ fastestmirror, langpacks, susemanagerplugin\n Loading mirror speeds from cached hostfile\n https://uyunisuse.nmerit.net:443/rhn/manager/download/centos7-uyuni-client-x86_64/repodata/repomd.xml:\
\ [Errno 14] curl#51 - "Unable to communicate securely with peer: requested domain name does not match the server's certificate."\n Trying
\ other mirror.\n \n \n One of the configured repositories failed (Uyuni Client Tools for CentOS 7 (x86_64)),\n and yum doesn't
\ have enough cached data to continue. At this point the only\n safe thing yum can do is fail. There are a few ways to work "fix" this:\n
\ \n 1. Contact the upstream for the repository and get them to fix the problem.\n \n 2. Reconfigure the baseurl/etc.
\ for the repository, to point to a working\n upstream. This is most often useful if you are using a newer\n distribution
\ release than is supported by the repository (and the\n packages for the previous distribution release still work).\n \n
\ 3. Run the command with the repository temporarily disabled\n yum --disablerepo=susemanager:centos7-uyuni-client-x86_64
\ ...\n \n 4. Disable the repository permanently, so yum won't use it by default. Yum\n will then just ignore the repository
\ until you permanently enable it\n again or use --enablerepo for temporary usage:\n \n yum-config-manager --disable
\ susemanager:centos7-uyuni-client-x86_64\n or\n subscription-manager repos --disable=susemanager:centos7-uyuni-client-x86_64\n
\ \n 5. Configure the failing repository to be skipped, if it is unavailable.\n Note that yum will try to contact the
\ repo. when it runs most commands,\n so will have to try and fail each time (and thus. yum will be be much\n slower).
\ If it is a very temporary problem though, this is often a nice\n compromise:\n \n yum-config-manager --save
\ --setopt=susemanager:centos7-uyuni-client-x86_64.skip_if_unavailable=true\n \n failure: repodata/repomd.xml from susemanager:centos7-uyuni-client-x86_64:
\ [Errno 256] No more mirrors to try.\n https://uyunisuse.nmerit.net:443/rhn/manager/download/centos7-uyuni-client-x86_64/repodata/repomd.xml:\
\ [Errno 14] curl#51 - "Unable to communicate securely with peer: requested domain name does not match the server's certificate.""
sls: packages.pkginstall
run_num: 12.0
start_time: '11:01:00.668761'
duration: 18049.02
id: pkg_installed
(code 2)

[mcalmer]

These are SSL Certificates which are digitaly signed. You cannot just change texts as this is just the human readable presentation of the block at the end.
You need to generate a new server certificate.
I think you created the old cert with uyuni as well and you have the CA in /root/ssl-build/ directory.

Please follow https://www.uyuni-project.org/uyuni-docs/en/uyuni/administration/ssl-certs-selfsigned.html#_re_create_existing_server_certificates to create a new one with the right names.

https://www.uyuni-project.org/uyuni-docs/en/uyuni/administration/ssl-certs-imported.html#_replace_certificates this explain how to deploy it

Good luck

[Zayan1221]

If I create these New CA /SSL /Key will the OLD client still work ? or something to do on old clients as well.

[Zayan1221]

Hello,

Where I can get the below information from , locationplease:

mgr-ssl-cert-setup --root-ca-file=<Path_to_Root_CA_Certificate> --server-cert-file=<Server_Cert_File> --server-key-file=<Server_Key_File>

<Path_to_Root_CA_Certificate> ??

<Server_Cert_File> ???

<Server_Key_File> ??

I have tried this but Error:

uyunisuse:~/ssl-build # mgr-ssl-cert-setup --root-ca-file=rhn-ca-openssl.cnf --server-cert-file=RHN-ORG-TRUSTED-SSL-CERT --server-key-file=RHN-ORG-PRIVATE-SSL-KEY
Invalid RSA Key: unable to load Private Key
140680317957952:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:643:
140680317957952:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:crypto/pkcs12/p12_decr.c:63:
140680317957952:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto/pkcs12/p12_decr.c:94:
140680317957952:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

ERROR: Unable to read the server key. Encrypted?

[Zayan1221]

mgr-ssl-cert-setup --root-ca-file=<Path_to_Root_CA_Certificate> --server-cert-file=<Server_Cert_File> --server-key-file=<Server_Key_File>

What would be the values for this command.

[Zayan1221]

Hello ,
I need to Update from OpenSuse 12.1 to OpenSuse 15.4 - Can I have any steps ? or Documentation.

cat /etc/os-release
NAME=openSUSE
VERSION = 12.1 (Asparagus)
VERSION_ID="12.1"
PRETTY_NAME="openSUSE 12.1 (Asparagus) (x86_64)"
ID=opensuse