[SAC] [OSGeo] #2521: Change secure to use dedicated cert and set up script to copy the cert
OSGeo
trac_osgeo at osgeo.org
Sun Dec 5 07:12:44 PST 2021
#2521: Change secure to use dedicated cert and set up script to copy the cert
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2021-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------
Changes (by robe):
* milestone: Sysadmin Contract 2020-II => Sysadmin Contract 2021-II
Comment:
Okay this is till not working so reopening it.
When I do this:
Check if secure's cert expire date
{{{
openssl s_client -servername ldap.osgeo.org -connect ldap.osgeo.org:636
2>/dev/null | openssl x509 -noout -dates
}}}
I get:
{{{
notBefore=Sep 29 09:16:39 2021 GMT
notAfter=Dec 28 09:16:38 2021 GMT
}}}
When I check the recently received cert on nginx:
{{{
openssl s_client -servername ldap.osgeo.org -connect ldap.osgeo.org:443
2>/dev/null | openssl x509 -noout -dates
}}}
I get
{{{
notBefore=Nov 28 19:31:56 2021 GMT
notAfter=Feb 26 19:31:55 2022 GMT
}}}
If I restart slapd on osgeo7-secure
{{{
systemctl restart slapd
}}}
It does not fix the issue.
So it seems the cronjob is not working.
The cronjob on osgeo7 looks
{{{
sudo systemctl status cron
}}}
shows this:
{{{
Dec 05 12:30:01 osgeo7 CRON[25890]: (tech_dev) CMD
(/usr/local/bin/copy_ldap_certs_to_secure.sh)
Dec 05 12:30:01 osgeo7 cron[4341]: sendmail: fatal: open
/etc/postfix/main.cf: Permission denied
Dec 05 12:30:01 osgeo7 CRON[25889]: (tech_dev) MAIL (mailed 109 bytes of
output but got status 0x004b from MTA
)
Dec 05 12:30:01 osgeo7 CRON[25889]: pam_unix(cron:session): session closed
for user tech_dev
Dec 05 13:17:01 osgeo7 CRON[7005]: pam_unix(cron:session): session opened
for user root by (uid=0)
Dec 05 13:17:01 osgeo7 CRON[7009]: (root) CMD ( cd / && run-parts
--report /etc/cron.hourly)
Dec 05 13:17:01 osgeo7 CRON[7005]: pam_unix(cron:session): session closed
for user root
Dec 05 14:17:01 osgeo7 CRON[18083]: pam_unix(cron:session): session opened
for user root by (uid=0)
Dec 05 14:17:01 osgeo7 CRON[18084]: (root) CMD ( cd / && run-parts
--report /etc/cron.hourly)
Dec 05 14:17:01 osgeo7 CRON[18083]: pam_unix(cron:session): session closed
for user root
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2521#comment:13>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list