a few comments to installations via https:
First it is not an easy going like most times :-).
To configure addon installation sources for https transport following steps are necessary: 1. unpack your initrd somewhere 2. copy your ca certificate in pem format into <unpacked_initrd_path>/etc/ssl/certs 2. call c_rehash <unpacked initrd_path>/etc/ssl/certs 3. create <unpacked_initrd_path>/root/.curlrc with following content: --capath = /etc/ssl/certs/ 4. pack your initrd 5. copy your initrd into your installation source
Unfortunately above procedure is only working with add_on products. If you specify the main installation source via https you get a non working netsetup. I included netsetup=1, ssh=1 and other parameters. But I have not been asked for any network parameter. I even tried to specify all parameters at boot prompt like netmask, hostip, gateway but it did not work either. I always end with a message: "could not find the SuSE Linux Enterprise Server 11 Repository ..."
There seems to be some routine which bypasses the whole netsetup when installation source is specified with HTTPS.
When I change it to HTTP everything works like expected. And I get the add_on_product HTTPS.
Any clue how to solve the problem with the installation source?
Uwe Gansert email@example.com schrieb am 7/19/2011 um 13.17 Uhr in Nachricht
on Tuesday 19 July 2011 Jochen Schaefer wrote:
Hm, the profile is loaded via https which can be seen in apache2 ssl_request_log. But for installation source /var/log/YaST/y2log shows error 1409086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
oh, I see. You are trying to install via HTTPS. I was thinking you only want
to read the XML file. Installation about https I never tried and I'd have to check the zypp backend how it handles certificates but it looks like it does not accept self signed
certificates. You'd have to manipulate the initrd or the inst-sys via driverupdate and put your CA into /etc/ssl/certs Then it should work.