Installation guide

process. The SSL keys and certificate are built and deployed automatically.
During installation of a Red Hat Proxy Server 3.6 or later, if connected to a Red Hat
Satellite Server 3.6 or later as its top-level service: the Red Hat Satellite Server contains all of the
SSL information needed to configure, build and deploy the Red Hat Proxy Server's SSL keys and
certificates.
The installation procedures for both the Red Hat Satellite Server and the Red Hat Proxy Server ensure
the CA SSL public certificate is deployed to the /pub directory of each server. This public certificate is
used by the client systems to connect to the Red Hat Satellite Server. See Section 4.3, Deploying the
CA SSL Public Certificate to Clients for more information.
In summary, if the organization's Satellite or Proxy infrastructure deploys the latest version of Red Hat
Satellite Server as its top-level service, there should be little need to use the Red Hat Satellite SSL
Tool.
4.2.1. Generating SSL Certificates
The primary benefits of using the Red Hat Satellite SSL Maintenance Tool are security, flexibility,
and portability. Security is achieved through the creation of distinct Web server SSL keys and certificates
for each Red Hat Satellite server, all signed by a single Certificate Authority SSL key pair created by the
organization. Flexibility is supplied by the tool's ability to work on any machine that has the
spacewalk-certs-tools package installed. Portability exists in a build structure that can be stored anywhere for safe
keeping and then installed whenever the need arises.
If the organization infrastructure's top-level Server is the most current Red Hat Satellite Server, the most
that may be required is to restore the ssl-build tree from an archive to the /root directory and utilize
the configuration tools provided within the Red Hat Satellite Server's website.
To make the best use of the Red Hat Satellite SSL Maintenance Tool, complete the following
high-level tasks in the following order. See the remaining sections for the required details:
1. Install the spacewalk-certs-tools package on a system within the organization, perhaps but not
necessarily the Red Hat Satellite Server or Red Hat Proxy Server.
2. Create a single Certificate Authority SSL key pair for the organization and install the resulting RPM
or public certificate on all client systems. See Section 4.2.3, Generating the Certificate Authority
SSL Key Pair for more information.
3. Create a Web server SSL key set for each of the Proxy and Satellite servers to be deployed and
install the resulting RPM files on the Red Hat Satellite servers.
4. Restart the httpd service:
# service httpd restart
5. Back up the SSL build tree - consisting of the primary build directory and all subdirectories and
files - to removable media, such as a CD or DVD. (Disk space requirements are insignificant.)
6. Verify and then store that archive in a safe location, such as the one described for backups in the
Additional Requirements sections of either the Proxy or Satellite installation guide.
7. Record and secure the CA password for future use.
8. Delete the build tree from the build system for security purposes, but only after the entire Satellite
infrastructure is in place and configured.
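
Steps 5 and 6 as an added example (not taken from the Red Hat guide): a shell sketch that archives the SSL build tree with owner-only permissions, records a SHA-256 digest, and verifies the archive against the live tree before anything is deleted in step 8. The function names and the /root/ssl-build location are assumptions; adjust the paths to the actual build directory.

```shell
#!/bin/sh
# Added example: archive and verify an SSL build tree (steps 5 and 6).
# Assumption: the tree is /root/ssl-build; any other path can be passed in.

# backup_ssl_tree SRC_DIR ARCHIVE
# Writes ARCHIVE and ARCHIVE.sha256 with umask 077, because the tree holds
# private keys. Returns non-zero if SRC_DIR is missing or tar fails.
backup_ssl_tree() {
    src=$1; archive=$2
    [ -d "$src" ] || { echo "no build tree at $src" >&2; return 1; }
    (
        umask 077
        tar -C "$(dirname "$src")" -czf "$archive" "$(basename "$src")" &&
        ( cd "$(dirname "$archive")" &&
          sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" )
    )
}

# verify_ssl_archive SRC_DIR ARCHIVE
# Checks the recorded digest, then extracts into a scratch directory and
# compares file contents with the live tree. Returns 0 only if both match.
verify_ssl_archive() {
    src=$1; archive=$2
    ( cd "$(dirname "$archive")" &&
      sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1 ) || return 1
    scratch=$(mktemp -d) || return 1
    rc=1
    if tar -C "$scratch" -xzf "$archive" 2>/dev/null &&
       diff -r "$src" "$scratch/$(basename "$src")" >/dev/null; then
        rc=0
    fi
    rm -rf "$scratch"   # the scratch copy contains key material too
    return $rc
}

# Run as: sh backup-ssl-tree.sh /root/ssl-build /path/to/ssl-build.tar.gz
if [ $# -eq 2 ]; then
    backup_ssl_tree "$1" "$2" && verify_ssl_archive "$1" "$2" &&
        echo "archive verified: $2"
fi
```

Repeat the verification against the copy on the removable media before carrying out step 8.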
Chapter 4. SSL Infrastructure