Installation guide

8. Delete the build tree from the build system for security purposes, but only after the entire
Satellite infrastructure is in place and configured.
Note
When additional Web server SSL key sets are needed, restore the build tree on a
system running the Red Hat Satellite SSL Maintenance Tool and repeat steps 3
through 7.
3.2.2. Red Hat Satellite SSL Maintenance Tool Options
The Red Hat Satellite SSL Maintenance Tool offers numerous command-line options for
generating your Certificate Authority SSL key pair and managing your server SSL certificates and keys.
The following command-line help options are available:
rhn-ssl-tool --help: for general help.
rhn-ssl-tool --gen-ca --help: for Certificate Authority help.
rhn-ssl-tool --gen-server --help: for Web server help.
See the manual page (man rhn-ssl-tool) for more information.
3.2.3. Generating the Certificate Authority SSL Key Pair
Before creating the SSL key set required by the Web server, generate a Certificate Authority (CA) SSL
key pair. A CA SSL public certificate is distributed to client systems of the Satellite or Proxy. The Red
Hat Satellite SSL Maintenance Tool allows you to generate a CA SSL key pair if needed and
reuse it for all subsequent Red Hat Satellite server deployments.
The build process automatically creates the key pair and public RPM for distribution to clients. All CA
components are created in the build directory specified at the command line, typically /root/ssl-build
(or /etc/sysconfig/rhn/ssl for older Satellite and Proxy servers). To generate a CA
SSL key pair, run the following command.
Important
Replace the example values with those appropriate for your organization.
# rhn-ssl-tool --gen-ca \
--password=MY_CA_PASSWORD \
--dir="/root/ssl-build" \
--set-state="North Carolina" \
--set-city="Raleigh" \
--set-org="Example Inc." \
--set-org-unit="SSL CA Unit"
This command generates the following relevant files in the specified build directory:
RHN-ORG-PRIVATE-SSL-KEY: the CA SSL private key.
RHN-ORG-TRUSTED-SSL-CERT: the CA SSL public certificate.
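The following check is an added example, not part of the Red Hat guide or of rhn-ssl-tool: it audits a build directory for exposure of the CA private key while the tree still exists, and reports a clean result once the tree has been deleted as described in step 8. The two file names come from this page; the function names and the owner-only permission policy are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit an rhn-ssl-tool build tree for CA key exposure.
# File names are taken from the guide; function names and the
# owner-only permission policy are assumptions of this example.

CA_KEY_NAME="RHN-ORG-PRIVATE-SSL-KEY"
CA_CERT_NAME="RHN-ORG-TRUSTED-SSL-CERT"

# Print the six group/other permission characters of a path, e.g. "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 when nothing is exposed, 1 when at least one finding is reported.
audit_ssl_build() {
    dir=$1
    findings=0

    if [ -L "$dir" ]; then
        echo "FINDING: $dir is a symlink, not a real directory"
        return 1
    fi
    if [ ! -e "$dir" ]; then
        echo "OK: $dir is absent (build tree already deleted)"
        return 0
    fi
    if [ ! -d "$dir" ]; then
        echo "FINDING: $dir is not a directory"
        return 1
    fi
    if [ "$(group_other_bits "$dir")" != "------" ]; then
        echo "FINDING: $dir is accessible to group/other"
        findings=1
    fi

    key="$dir/$CA_KEY_NAME"
    if [ -L "$key" ]; then
        echo "FINDING: $key is a symlink"
        findings=1
    elif [ -f "$key" ]; then
        echo "NOTE: CA private key is still present on this system"
        if [ "$(group_other_bits "$key")" != "------" ]; then
            echo "FINDING: $key is accessible to group/other"
            findings=1
        fi
    fi

    # The public certificate is meant for distribution; only note its absence.
    [ -f "$dir/$CA_CERT_NAME" ] || echo "NOTE: $CA_CERT_NAME not found in $dir"
    return "$findings"
}

if [ "$#" -gt 0 ]; then audit_ssl_build "$1" || exit 1; fi
```

Run it as root with the build directory as the only argument, for example /root/ssl-build; a non-zero exit status means at least one FINDING line was printed.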
Red Hat Satellite 5.7 Client Configuration Guide