Generating The Certiﬁcate Authority Ssl Key Pair; Generating Web Server Ssl Key Sets - Red Hat NETWORK 3.6 - CLIENT Configuration Manual

Client configuration

Hide thumbs Also See for NETWORK 3.6 - CLIENT:

Manual (32 pages)

Reference manual (198 pages)

Table Of Contents

Table of Contents

Chapter 3. SSL Infrastructure

3.2.3. Generating the Certiﬁcate Authority SSL Key Pair

Before creating the SSL key set required by the Web server, you must have a Certiﬁcate Authority

(CA) SSL key pair generated. A CA SSL public certiﬁcate gets distributed to client systems of the

Satellite or Proxy. The RHN SSL Maintenance Tool allows you to generate a CA SSL key pair if

needed and re-use it for all subsequent RHN server deployments.

The build process automatically creates the key pair and public RPM for distribution to clients. All CA

components end up in the build directory speciﬁed at the command line, typically

(or

/etc/sysconfig/rhn/ssl

issue a command like this:

rhn-ssl-tool --gen-ca --password=MY_CA_PASSWORD --dir="/root/ssl-build" \

--set-state="North

--set-org-unit="SSL CA Unit"

Replace the example values with those appropriate for your organization. This will result in the fol-

lowing relevant ﬁles in the speciﬁed build directory:

•

RHN-ORG-PRIVATE-SSL-KEY

•

RHN-ORG-TRUSTED-SSL-CERT

•

rhn-org-trusted-ssl-cert-VER-REL.noarch.rpm

client systems

•

rhn-ca-openssl.cnf

— always lists the latest versions of the relevant ﬁles.

•

latest.txt

Once ﬁnished, you're ready to distribute the RPM to client systems. Refer to Section 3.3 Deploying

the CA SSL Public Certiﬁcate to Clients.

3.2.4. Generating Web Server SSL Key Sets

Although you must have a CA SSL key pair already generated, you will likely generate web server

SSL key sets more frequently, especially if more than one Proxy or Satellite is deployed. Note that the

value for

--set-hostname

certiﬁcates needs to be generated and installed for every distinct RHN server hostname.

The server certiﬁcate build process works much like CA SSL key pair generation with one exception:

All server components end up in subdirectories of the build directory that reﬂect the build system's

machine name, such as

command like this:

rhn-ssl-tool --gen-server --password=MY_CA_PASSWORD --dir="/root/ssl-build" \

--set-state="North

--set-org-unit="IS/IT" --email="admin@example.com" \

--set-hostname="rhnbox1.example.com

Replace the example values with those appropriate for your organization. This will result in the fol-

lowing relevant ﬁles in a machine-speciﬁc subdirectory of the build directory:

— the Web server's SSL private server key

•

server.key

— the Web server's SSL certiﬁcate request

•

server.csr

— the web server's SSL public certiﬁcate

•

server.crt

for older Satellites and Proxies). To generate a CA SSL key pair,

Carolina" --set-city="Raleigh" --set-org="Example Inc." \

— the private CA key

— the public CA certiﬁcate

— the SSL CA conﬁguration ﬁle

is different for each server. In other words, a distinct set of SSL keys and

/root/ssl-build/MACHINE_NAME

Carolina" --set-city="Raleigh" --set-org="Example

/root/ssl-build

— the RPM prepared for distribution to

. To generate server certiﬁcates, issue a

Inc." \

Table of Contents

Need help?

Do you have a question about the NETWORK 3.6 - CLIENT and is the answer not in the manual?

Generating The Certiﬁcate Authority Ssl Key Pair; Generating Web Server Ssl Key Sets - Red Hat NETWORK 3.6 - CLIENT Configuration Manual

3.2.4. Generating Web Server SSL Key Sets

Need help?

Subscribe to Our Youtube Channel

Related Manuals for Red Hat NETWORK 3.6 - CLIENT

Related Content for Red Hat NETWORK 3.6 - CLIENT

Table of Contents