Installation guide
establish a connection to their respective upstream servers. Each server has its own SSL key set that is
specifically tied to that server's host name and generated using its own SSL private key and the CA SSL
private key in combination. This establishes a digitally verifiable association between the Web server's
SSL public certificate and the CA SSL key pair and server's private key. The Web server's key set
cannot be shared with other web servers.
Important
The most critical portion of this system is the CA SSL key pair. From that private key and public
certificate an administrator can regenerate any Web server's SSL key set. This CA SSL key pair
must be secured. Once the entire Red Hat Satellite infrastructure of servers is set up and running,
it is highly recommended to archive the SSL build directory generated by this tool and/or the
installers onto separate media, write down the CA password, and secure the media and
password in a safe place.
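The archival step recommended above, sketched as an added example that is not part of the Red Hat guide. The build directory and destination are arguments supplied by the caller (the page gives no paths), and the function names archive_ssl_build and verify_ssl_archive are hypothetical.

```shell
#!/bin/sh
# Added example: archive an SSL build directory and record its checksum so the
# copy on separate media can be verified later. The CA password is NOT stored
# here; it is kept separately, as the note above recommends.

archive_ssl_build() {
    build_dir=$1   # assumption: path to the SSL build directory
    dest=$2        # assumption: mount point of the separate media
    [ -d "$build_dir" ] || { echo "no build directory: $build_dir" >&2; return 1; }
    [ -d "$dest" ] || { echo "no destination: $dest" >&2; return 1; }
    name="ssl-build-$(date +%Y%m%d-%H%M%S).tar.gz"
    (
        # The directory holds private keys: owner-only permissions on output.
        umask 077
        tar -C "$(dirname "$build_dir")" -czf "$dest/$name" "$(basename "$build_dir")" &&
        cd "$dest" && sha256sum "$name" > "$name.sha256"
    ) || return 1
    echo "$dest/$name"
}

verify_ssl_archive() {
    archive=$1
    # 1. The checksum recorded at archive time must still match.
    (cd "$(dirname "$archive")" &&
        sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1) || return 1
    # 2. The archive must be readable end to end.
    tar -tzf "$archive" >/dev/null 2>&1 || return 1
    # 3. Group and other must have no access (characters 5-10 of the mode).
    perms=$(ls -ld "$archive" | cut -c5-10)
    [ "$perms" = "------" ] || return 1
    return 0
}

# Stand-alone use: sh this-script BUILD_DIR DEST
if [ "$#" -eq 2 ]; then
    archive_ssl_build "$1" "$2"
fi
```

Run verify_ssl_archive against the archive on the media before relying on it, and again whenever the media is moved or copied.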
4.2. The Red Hat Satellite SSL Maintenance Tool
Red Hat Satellite provides a command line tool to ease the management of the organization's secure
infrastructure: the Red Hat Satellite SSL Tool, commonly known by its command rhn-ssl-tool.
This tool is available as part of the spacewalk-certs-tools package. This package can be found
within the software channels for the latest Red Hat Proxy Server and Red Hat Satellite Server (as well as
the Red Hat Satellite Server ISO). The Red Hat Satellite SSL Tool enables organizations to generate
their own Certificate Authority SSL key pair, as well as Web server SSL key sets (sometimes called key
pairs).
This tool is only a build tool. It generates all of the SSL keys and certificates that are required. It also
packages the files in RPM format for quick distribution and installation on all client machines. It does not
deploy them. That is left to the administrator, or in many cases, automated by the Red Hat
Satellite Server.
Note
The spacewalk-certs-tools package, which contains rhn-ssl-tool, can be installed and run on
any current Red Hat Enterprise Linux system with minimal requirements. This is offered as a
convenience for administrators who want to manage their SSL infrastructure from their
workstation or a system other than their Satellite or Proxy servers.
The Red Hat Satellite SSL Tool is required in the following situations:
When updating the Certificate Authority (CA) public certificate.
When installing a Red Hat Proxy Server 3.6 or later that connects to the central Red Hat Satellite
Servers as its top-level service. The hosted service, for security reasons, cannot be a repository for
the CA SSL key and certificate, which is private to the organization.
When reconfiguring the Satellite or Proxy infrastructure to use SSL where it previously did not.
When adding multiple Red Hat Satellite Servers to the Red Hat Satellite infrastructure. Consult with a
Red Hat representative for instructions regarding this.
The Red Hat Satellite SSL Tool is not required in the following situations:
During installation of a Red Hat Satellite Server. All SSL settings are configured during the installation
Red Hat Satellite 5.6 Client Configuration Guide