Table of Contents
Advertisement
16
any machine that has the
build structure that can be stored anywhere for safe keeping and then installed wherever
the need arises.
Again, if your infrastructure's top-level RHN Server is the most current RHN Satellite
Server, the most you may have to do is restore your
the
directory and utilize the configuration tools provided within the RHN Satellite
/root
Server's website.
To make the best use of the RHN SSL Maintenance Tool, complete the following high-
level tasks in roughly this order. Refer to the remaining sections for the required details:
1. Install the
rhns-certs-tools
haps but not necessarily the RHN Satellite Server or RHN Proxy Server.
2. Create a single Certificate Authority SSL key pair for your organization and install
the resulting RPM or public certificate on all client systems.
3. Create a Web server SSL key set for each of the Proxies and Satellites to be deployed
and install the resulting RPMs on the RHN Servers, restarting the
afterwards:
/sbin/service httpd restart
4. Archive the SSL build tree - consisting of the primary build directory and all subdi-
rectories and files - to removable media, such as a floppy disk. (Disk space require-
ments are insignificant.)
5. Verify and then store that archive in a safe location, such as the one described for
backups in the Additional Requirements sections of either the Proxy or Satellite in-
stallation guide.
6. Record and secure the CA password for future use.
7. Delete the build tree from the build system for security purposes, but only once the
entire RHN infrastructure is in place and configured.
8. When additional Web server SSL key sets are needed, restore the build tree on a
system running the RHN SSL Maintenance Tool and repeat steps 3 through 7.
3.2.2. RHN SSL Maintenance Tool Options
The RHN SSL Maintenance Tool offers a plethora of command line options for
generating your Certificate Authority SSL key pair and managing your server SSL
certificates and keys. The tool offers essentially three command line option help listings:
rhn-ssl-tool --help
Authority), and
rhn-ssl-tool --gen-server --help
page for rhn-ssl-tool is also quite detailed and available to assist:
The two tables below break down the options by their related task, either CA or Web server
SSL key set generation.
rhns-certs-tools
package on a system within your organization, per-
(general),
rhn-ssl-tool --gen-ca --help
Chapter 3. SSL Infrastructure
package installed. Portability exists in a
tree from an archive to
ssl-build
(Web server). The manual
man rhn-ssl-tool
service
httpd
(Certificate
.
Advertisement
Table of Contents
Need help?
Do you have a question about the NETWORK 4.0.5 - CLIENT and is the answer not in the manual?
Questions and answers