Your Satellite Certificate has Expired (Spacewalk)

Renew your satellite certificate for Spacewalk on CentOS 6.

Update 2018

Please use the link to the Spacewalk project Github page for instructions on how to refresh the certificate:

https://github.com/spacewalkproject/spacewalk/wiki/Refreshing-certificate

The link was originally posted on RedHat bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1600868

Renew Spacewalk Certificate

Existing certificate’s expiration date:

# grep expires /usr/share/spacewalk/setup/spacewalk-public.cert
  <rhn-cert-field name="expires">2015-07-13 00:00:00</rhn-cert-field>

Here is the new certificate:

# cat /usr/share/spacewalk/setup/spacewalk-public.cert
<?xml version="1.0" encoding="UTF-8"?>
<rhn-cert version="0.1">
 <rhn-cert-field name="product">SPACEWALK-001</rhn-cert-field>
 <rhn-cert-field name="owner">Spacewalk Default Organization</rhn-cert-field>
 <rhn-cert-field name="issued">2007-07-13 00:00:00</rhn-cert-field>
 <rhn-cert-field name="expires">2018-07-13 00:00:00</rhn-cert-field>
 <rhn-cert-field name="slots">20000</rhn-cert-field>
 <rhn-cert-field name="monitoring-slots">20000</rhn-cert-field>
 <rhn-cert-field name="provisioning-slots">20000</rhn-cert-field>
 <rhn-cert-field name="virtualization_host">20000</rhn-cert-field>
 <rhn-cert-field name="virtualization_host_platform">20000</rhn-cert-field>
 <rhn-cert-field name="satellite-version">spacewalk</rhn-cert-field>
 <rhn-cert-field name="generation">2</rhn-cert-field>
 <rhn-cert-signature>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEABECAAYFAlNg/40ACgkQnnKdrwaUeTIXqwCgmRiTmzFuO7x3bitYPWcJFsZe
UPgAn0kTzWo7xUGDpedM0No9nEnWa84P
=FTXc
-----END PGP SIGNATURE-----
</rhn-cert-signature>
</rhn-cert>

Activate:

# rhn-satellite-activate --rhn-cert /usr/share/spacewalk/setup/spacewalk-public.cert --disconnected
Pushing scout configs to all monitoring scouts

References

http://kernelmanic.com/?p=1
https://www.redhat.com/archives/spacewalk-list/2014-December/msg00034.html

24 thoughts on “Your Satellite Certificate has Expired (Spacewalk)

    • Yes, the maintainer of the software has to update the certificate. This happens every 3 years or so. There is a bug report created for this issue.

      You can wait for an updated certificate to be released, or if you’re in a rush, you can use your GPG key to sign a modified spacewalk-public.cert.

  1. Thanks for keeping us operational!
    I will keep walking back to this link to confirm when a new key has shown up for download!

  2. Can you help me?
    I do all like in
    https://github.com/spacewalkproject/spacewalk/wiki/Refreshing-certificate
    but have error:
    rhn-satellite-activate –disconnected –rhn-cert=spacewalk-public.cert

    ERROR: unhandled exception occurred:
    Traceback (most recent call last):
    File “/usr/bin/rhn-satellite-activate”, line 42, in
    sys.exit(abs(mod.main() or 0))
    File “/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_satellite _activate.py”, line 576, in main
    date = expiredYN(options.rhn_cert)
    File “/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_satellite _activate.py”, line 444, in expiredYN
    expires = time.mktime(time.strptime(sc.expires, sc.datesFormat_cert))-time.t imezone
    OverflowError: mktime argument out of range

    • Oh, I don’t have such old version of Spacewalk to test with I’m afraid.

      The error that you posted suggests a problem related to the expiration year of the certificate, which is set to 2100. This value might exceed some sort of a limit.

  3. Shutdown SW service before update the database schema “/usr/sbin/spacewalk-service stop”
    Modified “spacewalk.repo” to “2.6” and run “yum update”
    Once new packages are successfully loaded, run below commands:
    “systemctl daemon-reload”
    “spacewalk-setup –external-postgresql –upgrade”
    “/usr/bin/spacewalk-schema-upgrade”

    You should be good if you will get below output :)
    The database schema was upgraded to version [spacewalk-schema-2.6.17-1.el7].

  4. Hi,

    I am getting the same certificate expired error. I have Spacewalk 2.6 version. How to get the certificate for Spacewalk 2.6.

  5. Day 5 of 24 before Spacewalk becomes a brick. Should I become concerned and start giving RH people calls about this?

  6. Oh, just to explain why I need to continue using certs – The environment that I currently support is running version 2.1….

    So, unless you have a terrific way of going from 2.1 to a current, and very stable release, I’ll be staying put for a while.

    :) Thanks for the help, both here and on bugzilla.redhat.com!!!

    • Spacewalk 2.1 is a really old version… This is just my experience, but I didn’t have problems upgrading Spacewalk 2.2 to 2.7 (over time as releases became available). I then moved to Katello.

  7. Could some one has a idea is there a change spacewalk will create new certificate ? or do we good to go with spacewalk-public.cert . Please advice. thanks
    Samsir

    • Spacewalk 2.5 (and higher) doesn’t use the entitlement certificate anymore, therefore I don’t think a new one will be created.

Leave a Reply

Your email address will not be published. Required fields are marked *