Reparing expired RHN certificate

If your server stopped receive updates from RHN with error:

[('SSL routines', 'SSL23_WRITE', 'ssl handshake failure')]
then it may be probably because of expired RHN certificate located as /usr/share/rhn/RHNS-CA-CERT. This file is a part of rhn-client-tools RPM. I have updated this RPM according to RedHat advice, however still have a problem.

When looking into certificate file directly with vi, I saw both certificates (old,expired and renewed one) concatenated in one file. It looks like causing problem for tools.

Solution

Just remove first, expired, part.

The rest of file should begin as:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42 (0x2a)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com
        Validity
            Not Before: Feb 26 21:07:08 2010 GMT
            Not After : Feb 24 21:07:08 2020 GMT
....

If this was helpfull, please donate
Updated on Sun Nov 10 13:49:32 IST 2013 by Oleg Volkov More documentations here