Red Hat Network (RHN Classic) SSL CA certificate renewal notice

Updated -

The Red Hat Network (RHN Classic) CA SSL certificate is distributed with products that connect to the Red Hat Network, such as Red Hat Enterprise Linux, and is used to verify the product's secure connection to the service.

The CA certificate contained in older rhn client packages (those prior to erratas listed on https://access.redhat.com/site/solutions/353033) expires in August 2013 and will result in connection failures after RHN Classic renews the certificate on August 12th, 2013.

Please make sure your systems running Red Hat Enterprise Linux versions 5 or earlier [1] have updated rhn client packages which contain the new certificate in order to continue to connect to the Red Hat Network securely after August 12, 2013 - refer to this solution for affected rhn client packages/versions and for instructions on updating the packages.

If the CA certificate is not updated, your Red Hat Enterprise Linux systems will no longer be able to securely connect to RHN Classic and receive updates. Systems running Red Hat Enterprise Linux 6 or above, and/or using Red Hat Subscription Management, are not impacted.

[1] This also includes Red Hat Satellite and Proxy servers themselves in connected mode, and client systems in RHEL client->Red Hat Proxy Server->RHN Classic configurations.

8 Comments

To give some more clarity, from your client

less /usr/share/rhn/RHNS-CA-CERT
it has an expiry of Aug 26, 2013.

This can be updated by running yum upgrade rhn-client-tools

It doesn't seem to work that way, I just installed the newest rhn-client-tools (1.0.0.1-8.el6) for RHEL6, and I still have the certificate that expires on August 26th 2013. And all of my systems cannot contact yum.

Mathew, were you able to workaround the certificate expiration problem? I, too, running on RHEL6 with 5.6 Satellite, after upgrading it with the newest rhn-client-tools (rhn-client-tools-1.0.0.1-16.el6), it didn't work for me neither.
Thanks.

same problem here. updating rhn-client-tools doesn't help. certificate is still expired!?!
where to get a new certificate?
regards Jojo

Has anyone figured out a solution to this problem?

I also have this problem with RHEL 6.2 and rhn-client-tools-1.0.0.1-16

I saw the other article on this, tried all the other adjustments (inc installing rhn-client and rhn-setup, etc.) but still the same error

Cert is identical to other working servers and serverURL in up2date file is also the same

Please see this article from RedHat:

9.3.2. Deploying Client SSL Certificates
To ensure secure data transfer, Red Hat strongly recommends the use of SSL. The RHN Satellite Server eases implementation of SSL by generating the necessary certificates during its installation. The server-side certificate is automatically installed on the Satellite itself, while the client certificate is placed in the /pub/ directory of the Satellite's Web server.
To install the certificate, follow these steps for each client:

Download the SSL certificate from the /var/www/html/pub/ directory of the RHN Satellite Server onto the client system. The certificate will be named something similar to RHN-ORG-TRUSTED-SSL-CERT. It is accessible via the web at the following URL: https://your-satellite.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT.
Move the client SSL certificate to the RHN-specific directory for your UNIX variant. For Solaris, this can be accomplished with a command similar to:

 mv /path/to/RHN-ORG-TRUSTED-SSL-CERT /opt/redhat/rhn/solaris/usr/share/rhn/ 

this worked for me