Manualshelf

Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentNETWORK PROXY SERVER 3.7 -
21222324252627282930
After the Tomcat service has restarted, refresh the Satellite Proxy server web interface and you should
see the CNAMEs listed on the Hard ware tab of the System D etai l s page.
Before you can use these CNAMEs, however, you need to create a new set of certificates, and
configure the Satellite Proxy to use these certificates. This is because the original certificate is only
valid for the canonical host name; you need to create new certificates that are valid for each CNAME.
This is covered in Section 5.3, “ Generating and Using Multi-host SSL Certificates .
Report a bug
5.3. Generat ing and Using Mult i-host SSL Cert ificat es
You need to generate multi-host SSL certificates to take advantage of the ability to use CNAME
records on the Satellite Proxy server. You also need to update the rhn-ca-o penssl . cnf file to
ensure that the Satellite Proxy server is aware of and uses these certificates.
Pro ced u re 5.2. T o Up d at e t h e SSL Co n f ig u rat ion File to u se Mu lti- h o st Cert if icat es:
1. Edit the /ro o t/ssl -bui l d /rhn-ca-o penssl . cnf file and locate the [CA_default] section.
2. Ensure the entry co py_extensi o ns = co py exists and is not commented out.
3. Save and close the file.
Important
You need to complete the above step before you run co nfi g ure-pro xy. sh with SSL_C NAME
set, or the installation will fail.
You also need to update your answers file so that the Satellite Proxy configuration will use the new
SSL certificates created previously.
Pro ced u re 5.3. T o Up d at e t h e An swers File t o Use Multi- h o st SSL C ert if icat es:
1. Edit the answers. txt file that you created for the initial Satellite Proxy installation. If you did
not create such a file, you can find an example setup in /usr/share/d o c/spacewal k-
setup-<versi o n>/answers. txt.
2. Ensure the following line exists, and is not commented out:
SSL_CNAME = (cname01 cname02 cname03)
3. Run the co nfi g ure-pro xy. sh script with the --answer-fi l e option to generate the
multi-host SSL certificate. For example:
# configure-proxy.sh --answer-file=</path/to/answers.txt>
Chapt er 5. Configuring Sat ellit e Proxy t o Use CNAME Reco rds
23