Manualshelf

Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentNETWORK SATELLITE SERVER 3.7
61626364656667686970
Q:
A:
Q:
A:
Make sure that Red Hat Satellite is using Network T ime Protocol (NTP) and set to the
appropriate time zone. T his also applies to all client systems and the separate database
machine in Red Hat Satellite with Stand-Alone Database.
Confirm the correct package:
rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm
is installed on the Red Hat Satellite and the corresponding rhn-org-trusted-ssl-cert-
* .noarch.rpm or raw CA SSL public (client) certificate is installed on all client systems.
Verify the client systems are configured to use the appropriate certificate.
If also using one or more Red Hat Satellite Proxy Servers, ensure each Proxy's SSL certificates
are prepared correctly. The Proxy should have both its own server SSL key-pair and CA SSL
public (client) certificate installed, since it will serve in both capacities. See the SSL Certificates
chapter of the Red Hat Satellite Client Configuration Guide for specific instructions.
Make sure client systems are not using firewalls of their own, blocking required ports as
identified in the Red Hat Satellite Installation Guide's Additional Requirements section.
What do I do if importing or synchronizing a channel fails and I can't recover it?
If importing/synchronizing a channel fails and you can't recover it in any other way, run this
command to delete the cache:
# rm -rf temporary-directory
Note
The Red Hat Satellite Installation Guide section on Preparing for Import from Local Media
specifies /var/rhn-sat-im port/ as the temporary directory.
Next, restart the importation or synchronization.
I'm getting "SSL_CONNECT " errors. What do I do now?
A common connection problem, indicated by SSL_CONNECT errors, is the result of a Satellite being
installed on a machine whose time had been improperly set. During the Satellite installation
process, SSL certificates are created with inaccurate times. If the Satellite's time is then corrected,
the certificate start date and time may be set in the future, making it invalid.
To troubleshoot this, check the date and time on the clients and the Satellite with the following
command:
# date
The results should be nearly identical for all machines and within the "notBefore" and "notAfter"
validity windows of the certificates. Check the client certificate dates and times with the following
command:
# openssl x509 -dates -noout -in /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Check the Satellite server certificate dates and times with the following command:
Chapter 5. Troubleshooting
67