Installation guide

The Red Hat Satellite SSL Tool is not required in the following situations:
* During installation of a Red Hat Satellite Server. All SSL settings are configured during the
installation process. The SSL keys and certificate are built and deployed automatically.
* During installation of a Red Hat Proxy Server 3.6 or later if connected to a Red Hat
Satellite Server 3.6 or later as its top-level service. The Red Hat Satellite Server contains all of the
SSL information needed to configure, build and deploy the Red Hat Proxy Server's SSL keys and
certificates.
The installation procedures for both the Red Hat Satellite Server and the Red Hat Proxy Server
ensure the CA SSL public certificate is deployed to the /pub directory of each server. This public
certificate is used by the client systems to connect to the Red Hat Satellite Server. See Section 3.3,
“Deploying the CA SSL Public Certificate to Clients” for more information.
In summary, if the organization's Satellite or Proxy infrastructure deploys the latest version of
Red Hat Satellite Server as its top-level service, there should be little need to use the Red Hat
Satellite SSL Tool.
3.2.1. Generating SSL Certificates
The primary benefits of using the Red Hat Satellite SSL Maintenance Tool are security,
flexibility, and portability. Security is achieved through the creation of distinct Web server SSL keys
and certificates for each Red Hat Satellite server, all signed by a single Certificate Authority SSL key
pair created by the organization. Flexibility is supplied by the tool's ability to work on any machine
that has the spacewalk-certs-tools package installed. Portability exists in a build structure that can be
stored anywhere for safe keeping and then installed whenever the need arises.
If the organization infrastructure's top-level Server is the most current Red Hat Satellite Server, the
most that may be required is to restore the ssl-build tree from an archive to the /root directory
and utilize the configuration tools provided within the Red Hat Satellite Server's website.
To make the best use of the Red Hat Satellite SSL Maintenance Tool, complete the following
high-level tasks in the following order. See the remaining sections for the required details:
1. Install the spacewalk-certs-tools package on a system within the organization, perhaps but not
necessarily the Red Hat Satellite Server or Red Hat Proxy Server.
2. Create a single Certificate Authority SSL key pair for the organization and install the resulting
RPM or public certificate on all client systems. See Section 3.2.3, “Generating the Certificate
Authority SSL Key Pair” for more information.
3. Create a Web server SSL key set for each of the Proxy and Satellite servers to be deployed
and install the resulting RPM files on the Red Hat Satellite servers.
4. Restart the httpd service:
# service httpd restart
5. Back up the SSL build tree - consisting of the primary build directory and all subdirectories
and files - to removable media, such as a CD or DVD. (Disk space requirements are
insignificant.)
6. Verify and then store that archive in a safe location, such as the one described for backups in
the Additional Requirements sections of either the Proxy or Satellite installation guide.
7. Record and secure the CA password for future use.
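Steps 5 and 6 above (back up the SSL build tree, then verify the archive before storing it) as an added shell example that is not taken from this guide. It assumes GNU tar, diff and sha256sum are available; the function names, the archive naming scheme and the /mnt/backup destination are hypothetical.

```shell
#!/bin/sh
# Added example (not from the guide): archive an SSL build tree and prove the
# archive is intact and complete before it is moved to removable media.

# verify_ssl_build_archive ARCHIVE SRC_DIR
# Succeeds only if the recorded checksum matches and the extracted contents
# are identical to the live build tree.
verify_ssl_build_archive() {
    archive=$1; src=$2
    (cd "$(dirname "$archive")" &&
        sha256sum -c --status "$(basename "$archive").sha256") || return 1
    tmp=$(mktemp -d) || return 1
    if tar -C "$tmp" -xzf "$archive" &&
       diff -r "$src" "$tmp/$(basename "$src")" >/dev/null; then
        result=0
    else
        result=1
    fi
    rm -rf "$tmp"    # the extracted copy contains private keys; do not leave it behind
    return "$result"
}

# backup_ssl_build SRC_DIR DEST_DIR
# Prints the archive path on success.
backup_ssl_build() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "no such build tree: $src" >&2; return 1; }
    # The tree holds the CA private key: everything created here is owner-only.
    old_umask=$(umask); umask 077
    name="ssl-build-$(date +%Y%m%d%H%M%S).tar.gz"    # hypothetical naming scheme
    rc=0
    mkdir -p "$dest" &&
        tar -C "$(dirname "$src")" -czf "$dest/$name" "$(basename "$src")" &&
        (cd "$dest" && sha256sum "$name" > "$name.sha256") || rc=1
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1
    verify_ssl_build_archive "$dest/$name" "$src" || return 1
    echo "$dest/$name"
}

# Typical call, run as root on the build host (destination is an assumption):
#   backup_ssl_build /root/ssl-build /mnt/backup
```

Keep the .sha256 file with the archive so the stored copy can be re-checked with sha256sum -c before any later restore.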
Chapter 3. SSL Infrastructure