[SAC] [OSGeo] #2521: Change secure to use dedicated cert and set up script to copy the cert

OSGeo trac_osgeo at osgeo.org
Sun Dec 5 07:12:44 PST 2021


#2521: Change secure to use dedicated cert and set up script to copy the cert
---------------------------+----------------------------------------
 Reporter:  robe           |       Owner:  sac@…
     Type:  task           |      Status:  new
 Priority:  normal         |   Milestone:  Sysadmin Contract 2021-II
Component:  Systems Admin  |  Resolution:
 Keywords:                 |
---------------------------+----------------------------------------
Changes (by robe):

 * milestone:  Sysadmin Contract 2020-II => Sysadmin Contract 2021-II


Comment:

 Okay this is still not working so reopening it.

 When I do this:

 Check secure's cert expiry date
 {{{
 openssl s_client -servername ldap.osgeo.org -connect ldap.osgeo.org:636 2>/dev/null | openssl x509 -noout -dates
 }}}
 I get:

 {{{
 notBefore=Sep 29 09:16:39 2021 GMT
 notAfter=Dec 28 09:16:38 2021 GMT
 }}}

 When I check the recently received cert on nginx:


 {{{
 openssl s_client -servername ldap.osgeo.org -connect ldap.osgeo.org:443 2>/dev/null | openssl x509 -noout -dates
 }}}

 I get


 {{{
 notBefore=Nov 28 19:31:56 2021 GMT
 notAfter=Feb 26 19:31:55 2022 GMT
 }}}

 If I restart slapd on osgeo7-secure

 {{{
 systemctl restart slapd
 }}}

 It does not fix the issue.

 So it seems the cronjob is not working.

 The cronjob on osgeo7 looks

 {{{
  sudo systemctl status cron
 }}}

 shows this:


 {{{
 Dec 05 12:30:01 osgeo7 CRON[25890]: (tech_dev) CMD (/usr/local/bin/copy_ldap_certs_to_secure.sh)
 Dec 05 12:30:01 osgeo7 cron[4341]: sendmail: fatal: open /etc/postfix/main.cf: Permission denied
 Dec 05 12:30:01 osgeo7 CRON[25889]: (tech_dev) MAIL (mailed 109 bytes of output but got status 0x004b from MTA
                                     )
 Dec 05 12:30:01 osgeo7 CRON[25889]: pam_unix(cron:session): session closed for user tech_dev
 Dec 05 13:17:01 osgeo7 CRON[7005]: pam_unix(cron:session): session opened for user root by (uid=0)
 Dec 05 13:17:01 osgeo7 CRON[7009]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
 Dec 05 13:17:01 osgeo7 CRON[7005]: pam_unix(cron:session): session closed for user root
 Dec 05 14:17:01 osgeo7 CRON[18083]: pam_unix(cron:session): session opened for user root by (uid=0)
 Dec 05 14:17:01 osgeo7 CRON[18084]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
 Dec 05 14:17:01 osgeo7 CRON[18083]: pam_unix(cron:session): session closed for user root
 }}}

-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2521#comment:13>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
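
Added example, not part of the ticket comment or of OSGeo's scripts: the manual comparison above (notAfter on port 636 versus port 443) turned into a check that can run unattended and report through its exit status. It assumes both listeners are meant to serve the same certificate; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the ticket): flag an LDAPS listener that still
# serves an older certificate than the HTTPS listener on the same name.

# Turn "notAfter=Dec 28 09:16:38 2021 GMT" into the sortable key
# 20211228091638 without relying on GNU date.
cert_date_key() {
    printf '%s\n' "$1" | awk '{
        sub(/^not(Before|After)=/, "")
        month = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
        split($3, t, ":")
        printf "%04d%02d%02d%02d%02d%02d\n", $4, month, $2, t[1], t[2], t[3]
    }'
}

# $1 = notAfter line from port 636, $2 = notAfter line from port 443.
# Prints "stale" when the LDAPS cert expires before the HTTPS cert,
# otherwise "current".
ldaps_cert_state() {
    ldaps_key=$(cert_date_key "$1")
    https_key=$(cert_date_key "$2")
    if [ "$ldaps_key" -lt "$https_key" ]; then
        echo stale
    else
        echo current
    fi
}

# Fetch the notAfter line from a live listener; </dev/null makes s_client
# exit after the handshake instead of waiting for input.
fetch_not_after() {   # $1 = host, $2 = port
    openssl s_client -servername "$1" -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate
}

# Live check for one host: returns 0 when in sync, 1 when slapd lags
# behind nginx, 2 when a certificate could not be fetched at all.
check_host() {        # $1 = host
    ldaps=$(fetch_not_after "$1" 636) || { echo "$1: no cert on 636" >&2; return 2; }
    https=$(fetch_not_after "$1" 443) || { echo "$1: no cert on 443" >&2; return 2; }
    state=$(ldaps_cert_state "$ldaps" "$https")
    echo "$1: LDAPS certificate is $state"
    [ "$state" = current ]
}

# Offline run on the two notAfter values quoted in the comment above.
ldaps_cert_state "notAfter=Dec 28 09:16:38 2021 GMT" \
                 "notAfter=Feb 26 19:31:55 2022 GMT"    # prints: stale
```

Because check_host reports through its exit status, it does not depend on cron's mail delivery, which is what fails in the log above.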

