You also need to update the certificate for jabberd, and you should also add this new root CA to the system certificates path.

On 30 Jan 2023, 18:54, "Crefeld, Tobias LKV Bayern e.V." <tobias.crefeld@lkv.bayern.de> wrote:
Hi,
For some weeks now we have been receiving (usually after a reboot of the Uyuni server) "TASCOMATIC NOTICATIONS": Subtask kickstartfile-sync failed. Subtask cobbler-sync failed.
In the log file /var/log/rhn/rhn_taskomatic_daemon.log we see messages like these:
2023-01-30 18:15:00,201 [DefaultQuartzScheduler_Worker-12] ERROR com.redhat.rhn.manager.kickstart.cobbler.CobblerLoginCommand - XmlRpcFault while logging in. most likely user doesn't have permissions. redstone.xmlrpc.XmlRpcFault: <class 'ssl.SSLError'>:[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
2023-01-30 18:16:00,116 [DefaultQuartzScheduler_Worker-17] ERROR com.redhat.rhn.taskomatic.task.CobblerSyncTask - Message: We had an error trying to login.
2023-01-30 18:16:00,116 [DefaultQuartzScheduler_Worker-17] ERROR com.redhat.rhn.taskomatic.task.CobblerSyncTask - Cause: {} redstone.xmlrpc.XmlRpcFault: <class 'ssl.SSLError'>:[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
2023-01-30 18:37:00,057 [DefaultQuartzScheduler_Worker-9] ERROR com.redhat.rhn.taskomatic.task.CobblerSyncTask - Stack trace:com.redhat.rhn.manager.kickstart.cobbler.NoCobblerTokenException: We had an error trying to login. [..] Caused by: redstone.xmlrpc.XmlRpcFault: <class 'ssl.SSLError'>:[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
Actually, we renewed our internal Root-CA certificate last month, added a new certificate chain to /etc/apache2/ssl.crt/ and included it in /etc/apache2/vhosts.d/vhost-ssl.conf. Web browsers show the updated certificate chain. Initially we forgot to add the new Root-CA certificate to /etc/ssl/certs/ (and to run "update-ca-certificates"), but this has been fixed in the meantime.
I wonder if /etc/ssl/ca-bundle.pem is used by Apache Tomcat for validation of SSL-server certificates?
Any other ideas?
Regards, Tobias Crefeld.
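
The failure mode discussed in this thread, reproduced as an added example that is not part of the original messages: a server certificate issued by a renewed root verifies only against a trust bundle that already contains that root. All keys, certificates, file names and the host name uyuni.example.test are constructed test data, and the function names are hypothetical helpers.

```sh
#!/bin/sh
# Added example. All keys, certificates and names below are constructed
# throwaway test data; nothing is read from or written to the real system.

# make_fixture DIR: create an old root, a renewed root, and a server
# certificate issued by the renewed root (hypothetical helper).
make_fixture() {
    dir=$1
    for ca in old-root new-root; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/O=Example/CN=$ca (constructed)" \
            -keyout "$dir/$ca.key" -out "$dir/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example/CN=uyuni.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 1 \
        -CA "$dir/new-root.pem" -CAkey "$dir/new-root.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null || return 1
}

# chain_ok BUNDLE CERT: exit status 0 only if CERT chains to a root in BUNDLE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# report BUNDLE CERT: print one result line for the bundle that was checked.
report() {
    if chain_ok "$1" "$2"; then echo "OK    $1"; else echo "FAIL  $1"; fi
}

main() {
    tmp=$(mktemp -d) || return 1
    make_fixture "$tmp" || { rm -rf "$tmp"; return 1; }
    # A client whose bundle still holds only the old root rejects the server.
    report "$tmp/old-root.pem" "$tmp/server.pem"
    # After the renewed root is added to the bundle, verification succeeds.
    cat "$tmp/old-root.pem" "$tmp/new-root.pem" > "$tmp/bundle.pem"
    report "$tmp/bundle.pem" "$tmp/server.pem"
    rm -rf "$tmp"
}
main
```

On a real server, chain_ok can be pointed at a bundle such as /etc/ssl/ca-bundle.pem and at the server certificate in use; if the chain includes intermediates, they have to be supplied to openssl verify with its -untrusted option.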