Installation guide
rhn-org-trusted-ssl-cert-VER-REL.noarch.rpm: the RPM prepared for distribution to
client systems.
This file contains the CA SSL public certificate (above) and installs it as
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
rhn-ca-openssl.cnf: the SSL CA configuration file.
latest.txt: lists the latest versions of the relevant files.
When this process is complete, distribute the RPM file to the client systems. See Section 3.3,
“Deploying the CA SSL Public Certificate to Clients” for more information.
3.2.4. Generating Web Server SSL Key Sets
At this point, a CA SSL key pair should already be generated. However, web server SSL key sets
are likely to be generated more frequently, especially if more than one Proxy or Satellite is
deployed. A distinct set of SSL keys and certificates must be generated and installed for every distinct
Satellite or Proxy server host name. The value for --set-hostname is therefore different for each
server.
The server certificate build process works in a similar fashion to CA SSL key pair generation, with
one exception: all server components are saved in subdirectories of the build directory. These
subdirectories reflect the build system's machine name, such as
/root/ssl-build/MACHINE_NAME. To generate a server certificate, run the following command.
Important
Replace the example values with those appropriate for your organization.
The following is a single command. Ensure you enter it all on one line.
# rhn-ssl-tool --gen-server \
--password=MY_CA_PASSWORD \
--dir="/root/ssl-build" \
--set-state="MY_STATE" \
--set-city="MY_CITY" \
--set-org="Example Inc." \
--set-org-unit="MY_ORG_UNIT" \
--set-email="admin@example.com" \
--set-hostname="machinename.example.com"
This command generates the following relevant files in a machine-specific subdirectory of the build
directory:
server.key: the Web server's SSL private server key.
server.csr: the Web server's SSL certificate request.
server.crt: the web server's SSL public certificate.
rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm: the RPM prepared
for distribution to Satellite and Proxy Servers. Its associated src.rpm file is also generated.
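Because every Satellite or Proxy host name needs its own key set, it is worth checking a generated set before distributing the RPM. The following is an added example, not part of the original guide: check_server_keyset is a hypothetical helper that uses plain openssl, and make_demo_keyset builds a constructed throwaway CA and key set (not rhn-ssl-tool output) so the script runs on its own.

```shell
#!/bin/sh
# check_server_keyset DIR CA_CERT HOSTNAME  (hypothetical helper, added example)
# Returns 0 only if server.key matches server.crt, server.crt is signed by
# CA_CERT, and the certificate was issued for HOSTNAME.
check_server_keyset() {
    dir=$1; ca=$2; host=$3
    # 1. The private key and the certificate must carry the same public key.
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null) ||
        { echo "cannot read $dir/server.key" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read $dir/server.crt" >&2; return 1; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "server.key does not match server.crt" >&2; return 1; }
    # 2. The certificate must chain to the CA certificate that clients trust.
    openssl verify -CAfile "$ca" "$dir/server.crt" >/dev/null 2>&1 ||
        { echo "server.crt is not signed by $ca" >&2; return 1; }
    # 3. The certificate must name the host it will be installed on.
    openssl x509 -in "$dir/server.crt" -noout -checkhost "$host" 2>/dev/null |
        grep -q "does match" ||
        { echo "server.crt was not issued for $host" >&2; return 1; }
}

# Constructed sample data: a one-day demo CA and server key set in directory $1
# for host name $2. File names ca.key and ca.crt are assumptions for the demo.
make_demo_keyset() {
    d=$1; host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

# Demo run against the constructed key set.
tmp=$(mktemp -d)
make_demo_keyset "$tmp" machinename.example.com &&
    check_server_keyset "$tmp" "$tmp/ca.crt" machinename.example.com &&
    echo "key set OK for machinename.example.com"
rm -rf "$tmp"
```

On a real build host, pass the machine-specific subdirectory of the build directory, the CA SSL public certificate, and the value used for --set-hostname.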
Chapter 3. SSL Infrastructure