Installation guide
latest.txt: lists the latest versions of the relevant files.
When this process is complete, distribute the RPM file to the client systems. See Section 4.3, “Deploying
the CA SSL Public Certificate to Clients” for more information.
4.2.4. Generating Web Server SSL Key Sets
At this point, a CA SSL key pair should already be generated. However, web server SSL key sets are
likely to be generated more frequently, especially if more than one Proxy or Satellite is deployed. A
distinct set of SSL keys and certificates must be generated and installed for every distinct Satellite or
Proxy server host name. The value for --set-hostname is therefore different for each server.
The server certificate build process works in a similar fashion to CA SSL key pair generation, with one
exception: all server components are saved in subdirectories of the build directory. These
subdirectories reflect the build system's machine name, such as /root/ssl-build/MACHINE_NAME.
To generate a server certificate, run the following command.
Important
Replace the example values with those appropriate for your organization.
The following is a single command. Ensure you enter it all on one line.
# rhn-ssl-tool --gen-server \
--password=MY_CA_PASSWORD \
--dir="/root/ssl-build" \
--set-state="North Carolina" \
--set-city="Raleigh" \
--set-org="Example Inc." \
--set-org-unit="IS/IT" \
--set-email="admin@example.com" \
--set-hostname="rhnbox1.example.com"
This command generates the following relevant files in a machine-specific subdirectory of the build
directory:
server.key: the Web server's SSL private server key.
server.csr: the Web server's SSL certificate request.
server.crt: the Web server's SSL public certificate.
rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm: the RPM prepared for
distribution to Satellite and Proxy Servers. Its associated src.rpm file is also generated.
This RPM file contains the server.key, server.csr, and server.crt files. These files are
installed in the following directories:
    /etc/httpd/conf/ssl.key/server.key
    /etc/httpd/conf/ssl.csr/server.csr
    /etc/httpd/conf/ssl.crt/server.crt
rhn-server-openssl.cnf: the Web server's SSL configuration file.
latest.txt: lists the latest versions of the relevant files.
When this process is complete, distribute and install the RPM file on its respective Satellite or Proxy
Server, and then restart the httpd service.
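Before the RPM is distributed, the key set in the machine-specific subdirectory can be checked on the build system. The sh function below is an added example, not part of this guide or of rhn-ssl-tool; it assumes the OpenSSL command-line tool is installed, that the value given to --set-hostname appears as the certificate's commonName, and that the caller supplies the path to the CA SSL public certificate.

```shell
#!/bin/sh
# Added example: sanity-check one machine-specific key set from rhn-ssl-tool.
# Usage: check_server_keyset BUILD_SUBDIR EXPECTED_HOSTNAME CA_CERT
# CA_CERT is the path to your CA SSL public certificate (supplied by the caller).
check_server_keyset() {
    dir=$1 host=$2 ca=$3 rc=0
    for f in server.key server.csr server.crt; do
        [ -s "$dir/$f" ] || { echo "FAIL: missing $dir/$f" >&2; return 2; }
    done

    # 1. Key, request and certificate must all carry the same public key.
    #    An empty result (unreadable or encrypted file) counts as a mismatch.
    key_pub=$(openssl pkey -in "$dir/server.key" -passin pass: -pubout 2>/dev/null) || key_pub=
    csr_pub=$(openssl req -in "$dir/server.csr" -noout -pubkey 2>/dev/null) || csr_pub=
    crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null) || crt_pub=
    if [ -z "$key_pub" ] || [ "$key_pub" != "$csr_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: server.key, server.csr and server.crt do not share one public key" >&2
        rc=1
    fi

    # 2. The commonName must be exactly this server's host name; stray
    #    whitespace in the value passed to --set-hostname fails here
    #    (assumption: --set-hostname ends up as the subject commonName).
    cn=$(openssl x509 -in "$dir/server.crt" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= //p')
    [ "$cn" = "$host" ] || { echo "FAIL: commonName '$cn' is not '$host'" >&2; rc=1; }

    # 3. The certificate must chain to the CA certificate deployed to clients.
    openssl verify -CAfile "$ca" "$dir/server.crt" 2>/dev/null | grep -q ': OK$' ||
        { echo "FAIL: server.crt does not verify against $ca" >&2; rc=1; }

    # 4. The certificate must not already be expired.
    openssl x509 -in "$dir/server.crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: server.crt has expired" >&2; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $dir matches $host"
    return "$rc"
}

# Run the check when the script is called with its three arguments.
if [ "$#" -eq 3 ]; then check_server_keyset "$@"; fi
```

Run it once per subdirectory of the build directory, passing the host name that subdirectory's server will answer to; a non-zero exit status means the key set should not be packaged or installed.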
Chapter 4. SSL Infrastructure