Client Registration SSL verification issue

Hi all,

I am experiencing an issue when attempting to register my client with my SUSE Manager Server. (this is my first time utilizing suse manager)

Everything seems to go fine as I progress through the suse manager installation documentation and I have edited my bootstrap.sh accordingly. When I run curl -Sks https://server-name/pub/bootstrap/my-edited-bootstrap-file.sh | /bin/bash everything appears to run fine until the Registration portion and I get the following error:

REGISTRATION

  • registering
    An error has occurred:
    The SSL certificate failed verification.
    See /var/log/up2date for more information

*** Error: Registering the system failed.

When I look at the log the only thing pertaining to the SSL error is:

File “usr/lib64/python2.6/site-packages/rhn/SSL.py”, line 230, in write
sent = self._connection.send(data)
<class ‘up2date_client.up2dateErrors.SSLCertificateVerifyFailedError’>: The SSL certificate failed verification.

Any help would be appreciated as I have been spinning on this for a couple of hours. I am sure it is something simple I am overlooking.

Hi
Is the SUSE Manager instance all up to date with patches etc?

And what system is the client your trying to register?


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

Yes the client and server are both fully updated. The client is SLES 11 SP3 and the manager server is a trial version 2.1 (update to 3.0 I think it said once all the patches were applied)

Hi
You haven’t changed the SUSE Manager hostname or the like since the
install? This would cause a mis match of the CA cert.


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

No I have not changed the hostname of the manager, and I need to add this is all on Vsphere. The client and server are full virtual if that makes a difference.

[QUOTE=malcolmlewis;25823]Hi
You haven’t changed the SUSE Manager hostname or the like since the
install? This would cause a mis match of the CA cert.


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks![/QUOTE]

Hi Malcolmlewis,

I wanted to say thank you for your help and that I was able to find a resolution. I had to run an install “zypper install python-curl” and that ended up fixing the issue. I guess the default version of curl was making a good SSL cert seem as though it was bad upon import. Thanks again for your help!

Hi jstone4646,

[QUOTE=jstone4646;25829]Hi Malcolmlewis,

I wanted to say thank you for your help and that I was able to find a resolution. I had to run an install “zypper install python-curl” and that ended up fixing the issue. I guess the default version of curl was making a good SSL cert seem as though it was bad upon import. Thanks again for your help![/QUOTE]

thank you for reporting back your findings, so that others in the same situation can find this piece of information.

Do you have any indication that the package was missing because of some prior installation error? Else I’d call this a bug, since a required package was missing. OTOH, your report is the first one that I’ve come across and I would have expected a lot more users asking for help if this was a general dependency problem…

Regards,
Jens

Hi
Interesting, thought it may have been this sort of issue;
https://www.suse.com/support/kb/doc.php?id=7005356

If it happens on a future registration I imagine copying the updated
python-pycurl rpm
into /srv/www/htdocs/pub/repositories/susemanager-client-setup and it’s
relevant arch. Then run createrepo . in the susemanager-client-setup
directory to rebuild the data.


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

[QUOTE=jmozdzen;25830]Hi jstone4646,

thank you for reporting back your findings, so that others in the same situation can find this piece of information.

Do you have any indication that the package was missing because of some prior installation error? Else I’d call this a bug, since a required package was missing. OTOH, your report is the first one that I’ve come across and I would have expected a lot more users asking for help if this was a general dependency problem…

Regards,
Jens[/QUOTE]

Jmozdzen,

I am thinking I would call this a bug as well, I freshly installed another SLES 11 SP3 server this morning to make it a client to my SUSE Manager. I zypped the server up and made sure my repos were good, verified my bootstrap.sh was in order, /etc/hosts was good, etc…then I went to register and I got the same indication as before. I ran another zypper install python-curl and again that resolved the issue on this SLES box as well.

More specifics in case this is relevant my setup is as follows:

Everything is virtual utilizing 1 VSphere host Dell 710
SUSE Manager 2.1 (trial version) fully patched
client 1: SLES 11 SP3 fully patched (had to run zypper python-curl to register)
client 2: SLES 11 SP3 fully patched and installed this morning (had to run zypper python-curl to register)
clients 3 and 4: red hat 6 fully patched (registered without issue)
clients 5 and 6: CentOS 7 fully patched (have not registered yet)

Hi jstone4646,

[QUOTE=jstone4646;25839]Jmozdzen,

I am thinking I would call this a bug as well […][/QUOTE]

Can you open a SR for this, which would make sure it gets handled properly?

Regards,
Jens

jstone4646,

You said you were using “python-curl” in SLES 11 SP3:

Where did you get it from?

Hi
It should be on the install medium, when running the bootstrap script
on the machine your registering it get’s some files from the SUSE
Manager bootstrap repository and the rest from the install medium.


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.36-38-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

Hi bmaryniuk,

You said you were using “python-curl” in SLES 11 SP3:
Where did you get it from?

while I’m not jstone4646 and thus cannot say where his/her RPM is from, I see it in the standard SLES11SP3 repositories:

S | Name | Type | Version | Arch | Repository --+-----------------+---------+----------------+--------+------------------- | python-curl | package | 7.19.0-5.2.1.2 | x86_64 | SLES11-SP3-Pool | python-curl-doc | package | 7.19.0-5.2.1.2 | x86_64 | SLE11-SDK-SP3-Pool

Regards,
Jens