verifiable association between the Web server's SSL public certificate and the CA SSL key pair and
server's private key. The Web server's key set cannot be shared with other web servers.
Important
The most critical portion of this system is the CA SSL key pair. From that private key and public
certificate an administrator can regenerate any Web server's SSL key set. This CA SSL key pair
must be secured. It is highly recommended that once the entire RHN infrastructure of servers is set
up and running, you archive the SSL build directory generated by this tool and/or the installers onto
separate media, write down the CA password, and secure the media and password in a safe place.
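The association described above can be checked with the stock openssl command. This is an added example, not part of the original manual and not Red Hat's code. All file names, the demo CAs and the two demo server key sets are constructed assumptions; substitute the CA certificate and server key set from your own build directory.

```shell
#!/bin/sh
# Added example: checks the association between a Web server key set and the CA.
# All file names are placeholders; make_demo_pki builds constructed test material.

# 0 if SERVER_CERT ($2) was signed by the CA whose certificate is CA_CERT ($1).
cert_signed_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if the private key SERVER_KEY ($1) belongs to SERVER_CERT ($2).
# Compares the public key derived from each; an unreadable file fails the check.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Run both checks and report; returns non-zero if either fails.
check_key_set() {   # usage: check_key_set CA_CERT SERVER_KEY SERVER_CERT
    rc=0
    cert_signed_by_ca "$1" "$3" || { echo "FAIL: $3 not issued by $1"; rc=1; }
    key_matches_cert "$2" "$3" || { echo "FAIL: $2 does not match $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $3"
    return "$rc"
}

# Constructed sample material for a dry run: a demo CA, an unrelated CA, and two
# server key sets signed by the demo CA. Not output of rhn-ssl-tool.
make_demo_pki() {   # usage: make_demo_pki DIR
    dir=$1
    for ca in ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=demo $ca" \
            -keyout "$dir/$ca.key" -out "$dir/$ca.crt" 2>/dev/null || return 1
    done
    for host in web1 web2; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$host.example.com" \
            -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" \
            -CAkey "$dir/ca.key" -CAcreateserial -days 2 \
            -out "$dir/$host.crt" 2>/dev/null || return 1
    done
}

if [ "$#" -eq 3 ]; then check_key_set "$@"; fi
```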
3.2. The RHN SSL Maintenance Tool
Red Hat Network provides a command line tool to ease management of your secure infrastructure: the
RHN SSL Maintenance Tool, commonly known by its command rhn-ssl-tool. This tool, which
resides in the rhns-certs-tools package within the software channels for the latest RHN Proxy
Server and RHN Satellite Server, (as well as the Satellite ISO) enables you to generate your own
Certificate Authority SSL key pair, as well as Web server SSL key sets (sometimes called key pairs).
This tool is only a build tool though. It generates all the SSL keys and certificates that are required. It
also packages the files in RPM format for quick distribution and installation on all client machines. It
does not deploy them, however. That is left to the administrator, or in many cases, automated by the
RHN Satellite Server.
Note
The rhns-certs-tools, which contains rhn-ssl-tool, can be installed and run on any current
Red Hat Enterprise Linux system with minimal requirements. This is offered as a convenience for
administrators who wish to manage their SSL infrastructure from their workstation or another system
other than their RHN Server(s).
Here are the use cases for when you need to use the tool:
• When updating your CA public certificate - rare.
• When installing an RHN Proxy Server version 3.6 or later that connects to the central RHN Servers
as its top-level service - the hosted service, for security concerns, cannot be a repository for your
CA SSL key and certificate that is private to your organization.
• When reconfiguring your RHN infrastructure to use SSL where it previously did not.
• When adding RHN Proxy Servers of versions prior to 3.6 into your RHN infrastructure.
• When adding multiple RHN Satellite Servers to your RHN infrastructure - consult with a Red Hat
representative for instructions regarding this.
Here are the use cases for when you do not need to use the tool:
• During installation of an RHN Satellite Server - all SSL settings are configured during the installation
process. The SSL keys and certificate are built and deployed automatically.
• During installation of an RHN Proxy Server version 3.6 or later if connected to an RHN Satellite
Server version 3.6 or later as its top-level service - the RHN Satellite Server contains all of the
Chapter 3. SSL Infrastructure