Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

7.4. Connection Errors

A common connection problem, indicated by SSL_CONNECT errors, is the result of a Satellite being installed on a machine whose time had been improperly set. During the Satellite installation process, SSL certificates are created with inaccurate times. If the Satellite's time is then corrected, the certificate start date and time may be set in the future, making it invalid.
To troubleshoot this, check the date and time on the clients and the Satellite with the following command: 
date
Copy to Clipboard Toggle word wrap
The results should be nearly identical for all machines and within the "notBefore" and "notAfter" validity windows of the certificates. Check the client certificate dates and times with the following command: 
openssl x509 -dates -noout -in /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Copy to Clipboard Toggle word wrap
Check the Satellite server certificate dates and times with the following command: 
openssl x509 -dates -noout -in /etc/httpd/conf/ssl.crt/server.crt
Copy to Clipboard Toggle word wrap
By default, the server certificate has a one-year life while client certificates are good for 10 years. If you find the certificates are incorrect, you can either wait for the valid start time, if possible, or create new certificates, preferably with all system times set to GMT.
The following measures can be used to troubleshoot general connection errors:
  • Attempt to connect to the RHN Satellite Server's database at the command line using the correct connection string as found in /etc/rhn/rhn.conf: 
    sqlplus username/password@sid
    Copy to Clipboard Toggle word wrap
  • Ensure the RHN Satellite Server is using Network Time Protocol (NTP) and set to the appropriate time zone. This also applies to all client systems and the separate database machine in RHN Satellite Server with Stand-Alone Database.
  • Confirm the correct package: 
    7 rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm  rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm  rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm
    Copy to Clipboard Toggle word wrap
    is installed on the RHN Satellite Server and the corresponding rhn-org-trusted-ssl-cert-*.noarch.rpm or raw CA SSL public (client) certificate is installed on all client systems.
  • Verify the client systems are configured to use the appropriate certificate.
  • If also using one or more RHN Proxy Servers, ensure each Proxy's SSL certificates are prepared correctly. The Proxy should have both its own server SSL key-pair and CA SSL public (client) certificate installed, since it will serve in both capacities. Refer to the SSL Certificates chapter of the RHN Client Configuration Guide for specific instructions.
  • Make sure client systems are not using firewalls of their own, blocking required ports as identified in Section 2.4, “Additional Requirements”.
Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat