SSL Cert not installed correctly anymore on SuMa clients

SUSE Manager
1

We’ve got an RPM with Suse Manager SSL Certificate “rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm”
This rpm contains one file named “/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CER”.

The latest bootstrap script does not install this certficate correctly anymore.

What is missing ? This:

ln -s /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem update-ca-certificates

Inside the Bootstrap Script I can see this comment:
# symlink & update certificates is already done in rpm post-install script
# no need to be done again if we have installed rpm

But this is not true for us. The rpm has no rpm post-install script.
Maybe because it was created in 2016 with an older version os SuMa?

How can I recreate the rpm with post-install script ?

2

I think you are on the right way. The ways to configure a CA certificate on different OSes and OS versions got more and more complex over the years.
If you want to generate a new RPM with current post script call these commands:

$> rhn-ssl-tool --gen-ca --rpm-only --dir="/root/ssl-build"
$> /usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \\
    --target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/
3

[QUOTE=mcalmer;56110]I think you are on the right way. The ways to configure a CA certificate on different OSes and OS versions got more and more complex over the years.
If you want to generate a new RPM with current post script call these commands:

$> rhn-ssl-tool --gen-ca --rpm-only --dir="/root/ssl-build" $> /usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \\ --target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/ [/QUOTE]

Thank you very much. That worked perfectly. :slight_smile:
The first command just created the rpm with existing Certificate and nothing else - that’s exactly what I wanted.