Installation guide
Note
When additional Web server SSL key sets are needed, restore the build tree on a system
running the Red Hat Satellite SSL Maintenance Tool and repeat steps 3 through 7.
4.2.2. Red Hat Satellite SSL Maintenance Tool Options
The Red Hat Satellite SSL Maintenance Tool offers numerous command line options for generating
a Certificate Authority SSL key pair and managing your server SSL certificates and keys. The following
command-line help options are available:
rhn-ssl-tool --help: for general help.
rhn-ssl-tool --gen-ca --help: for Certificate Authority help.
rhn-ssl-tool --gen-server --help: for Web server help.
See the manual page (man rhn-ssl-tool) for more information.
4.2.3. Generating the Certificate Authority SSL Key Pair
Before creating the SSL key set required by the Web server, generate a Certificate Authority (CA) SSL
key pair. A CA SSL public certificate is distributed to client systems of the Satellite or Proxy. The Red
Hat Satellite SSL Maintenance Tool allows you to generate a CA SSL key pair if needed and reuse
it for all subsequent Red Hat Satellite server deployments.
The build process automatically creates the key pair and public RPM for distribution to clients. All CA
components are created in the build directory specified at the command line, typically
/root/ssl-build (or /etc/sysconfig/rhn/ssl for older Satellite and Proxy servers). To generate a CA SSL
key pair, run the following command.
Important
Replace the example values with those appropriate for your organization.
# rhn-ssl-tool --gen-ca \
--password=MY_CA_PASSWORD \
--dir="/root/ssl-build" \
--set-state="North Carolina" \
--set-city="Raleigh" \
--set-org="Example Inc." \
--set-org-unit="SSL CA Unit"
This command generates the following relevant files in the specified build directory:
RHN-ORG-PRIVATE-SSL-KEY: the CA SSL private key.
RHN-ORG-TRUSTED-SSL-CERT: the CA SSL public certificate.
rhn-org-trusted-ssl-cert-VER-REL.noarch.rpm: the RPM prepared for distribution to
client systems. This file contains the CA SSL public certificate (above) and installs it as
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT.
rhn-ca-openssl.cnf: the SSL CA configuration file.
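The build directory now holds the CA private key next to the files meant for distribution, so it is worth auditing after the build. The following is an added example, not part of the Red Hat guide or of rhn-ssl-tool: the function name audit_ca_build_dir and the permission policy (key readable by its owner only, directory not group- or world-writable) are assumptions, while the file names are those listed above.

```shell
#!/bin/sh
# Added example (not Red Hat code): audit the output of "rhn-ssl-tool --gen-ca".
# The permission policy enforced here is an assumption, not documented tool behaviour.

audit_ca_build_dir() {
    dir=$1
    rc=0
    # Files the guide says --gen-ca writes into the build directory.
    for f in RHN-ORG-PRIVATE-SSL-KEY RHN-ORG-TRUSTED-SSL-CERT rhn-ca-openssl.cnf; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING: $dir/$f"
            rc=1
        fi
    done
    # The client RPM name carries VER-REL, so match it by pattern.
    found_rpm=0
    for rpm in "$dir"/rhn-org-trusted-ssl-cert-*.noarch.rpm; do
        [ -f "$rpm" ] && found_rpm=1
    done
    if [ "$found_rpm" -eq 0 ]; then
        echo "MISSING: $dir/rhn-org-trusted-ssl-cert-VER-REL.noarch.rpm"
        rc=1
    fi
    # CA private key: no permission bits for group or other (columns 5-10 of ls -l).
    key="$dir/RHN-ORG-PRIVATE-SSL-KEY"
    if [ -f "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "WEAK PERMISSIONS on $key: group/other bits are '$perms'"
            rc=1
        fi
    fi
    # Build directory: a group- or world-writable directory lets others swap the key.
    wbits=$(ls -ld "$dir" | cut -c6,9)
    if [ "$wbits" != "--" ]; then
        echo "WRITABLE BY GROUP/OTHER: $dir"
        rc=1
    fi
    return $rc
}

# Run the audit only when a build directory is given, e.g. ./audit.sh /root/ssl-build
if [ "$#" -gt 0 ]; then
    audit_ca_build_dir "$1"
fi
```

Only the RPM and the public certificate belong on client systems; the function returns non-zero when any finding is printed, so it can gate a deployment script.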
Red Hat Satellite 5.6 Client Configuration Guide