Hi,
I followed the instructions given here: https://docs.pulpproject.org/user-guide/qpid.html and I tried the script pulp-qpid-ssl-cfg and it runs and generates the proposed files but after editing the configuration files the system does not work.
Details:
Fedora 26
Pulp 2.16.1
Attempt 1:
1. Run the script pulp-qpid-ssl-cfg and generated the files
2. Verified that the permissions for certificate files generated are right (644 for public 600 for private)
3. Changes the configuration files as mentioned in the docs
4. Restarted all the services
Results:
When trying to run Pulp Admin it raises ApacheServerError with no further details.
Attempt 2:
Following Brian suggestion I debugged qpid isolated with
$ qpid-tool --sasl-service-name=broker --ssl-certificate=/etc/pki/pulp/qpid/ca.crt --ssl-key=/etc/pki/pulp/qpid/client.crt --broker=FQDN:5671
Management Tool for QPID
qpid: Failed to connect: Exception during connection setup: error - [Errno 111] Connection refused
Then examining the qpid system logs:
$ journalctl -t qpidd -l --no-pager -f
[Security] error Failed to initialise SSL plugin: Failed: NSS error [-8015] (/builddir/build/BUILD/qpid-cpp-1.37.0/src/qpid/sys/ssl/util.cpp:100)
Attempt 3:
1. Then I tried to generated the certificates manually
2. Then I followed the instructions here: http://qpid.apache.org/releases/qpid-cpp-1.38.0/cpp-broker/book/chap-Messaging_User_Guide-Security.html#sect-Messaging_User_Guide-Security-Encryption_using_SSL
Results:
The same as before
Note Documentation looks like to be outdated:
Item 7 says Make sure the qpid-cpp-server-ssl RPM is installed but this package doesn't exists anymore and looks like it is now replaced by https://fedora.pkgs.org/26/fedora-x86_64/qpid-cpp-server-1.36.0-1.fc26.x86_64.rpm.html
Questions:
Is that script still supposed to be working?
.