Chapter 7. Troubleshooting
50
To troubleshoot this, check the date and time on the clients and the Satellite with the following
command:
date
The results should be nearly identical for all machines and within the "notBefore" and "notAfter" validity
windows of the certificates. Check the client certificate dates and times with the following command:
openssl x509 -dates -noout -in /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Check the Satellite server certificate dates and times with the following command:
openssl x509 -dates -noout -in /etc/httpd/conf/ssl.crt/server.crt
By default, the server certificate has a one-year life while client certificates are good for 10 years. If
you find the certificates are incorrect, you can either wait for the valid start time, if possible, or create
new certificates, preferably with all system times set to GMT.
The following measures can be used to troubleshoot general connection errors:
• Attempt to connect to the RHN Satellite Server's database at the command line using the correct
connection string as found in
/etc/rhn/rhn.conf
:
sqlplus
username/password@sid
• Ensure the RHN Satellite Server is using Network Time Protocol (NTP) and set to the appropriate
time zone. This also applies to all client systems and the separate database machine in RHN
Satellite Server with Stand-Alone Database.
• Confirm the correct package:
7
rhn-org-httpd-ssl-key-pair-
MACHINE_NAME-VER-REL
.noarch.rpm
is installed on the RHN Satellite Server and the corresponding
rhn-org-trusted-ssl-cert-
*.noarch.rpm
or raw CA SSL public (client) certificate is installed on all client systems.
• Verify the client systems are configured to use the appropriate certificate.
• If also using one or more RHN Proxy Servers, ensure each Proxy's SSL certificates are prepared
correctly. The Proxy should have both its own server SSL key-pair and CA SSL public (client)
certificate installed, since it will serve in both capacities. Refer to the SSL Certificates chapter of the
RHN Client Configuration Guide
for specific instructions.
• Make sure client systems are not using firewalls of their own, blocking required ports as identified in
Section 2.4, “Additional Requirements”
.
7.5. Updated Software Components
Do not subscribe your RHN Satellite Server to any of the following child channels available from
RHN's central servers:
Содержание NETWORK SATELLITE 5.1.1 - RELEASE NOTES
Страница 1: ...Red Hat Network Satellite 5 1 1 Installation Guide Red Hat Network Satellite ...
Страница 18: ...14 ...
Страница 21: ...Satellite Proxy Vertically Tiered Topology 17 Figure 3 3 Satellite Proxy Vertically Tiered Topology ...
Страница 22: ...18 ...
Страница 36: ...32 ...
Страница 50: ...46 ...
Страница 56: ...52 ...
Страница 68: ...64 ...
Страница 71: ...67 Appendix B Revision History Revision History Revision 1 0 ...
Страница 72: ...68 ...