Generating The Certificate Authority Ssl Key Pair - Red Hat NETWORK 4.0.5 - CLIENT Configuration Manual

Chapter 3. SSL Infrastructure
Option
--no-rpm
--server-rpm=SERVER_RPM
--server-tar=SERVER_TAR
Table 3-2. SSL Web Server Options (
3.2.3. Generating the Certificate Authority SSL Key Pair
Before creating the SSL key set required by the Web server, you must generate a Certificate
Authority (CA) SSL key pair. A CA SSL public certificate is distributed to client systems
of the Satellite or Proxy. The RHN SSL Maintenance Tool allows you to generate a CA
SSL key pair if needed and re-use it for all subsequent RHN server deployments.
The build process automatically creates the key pair and public RPM for distribution to
clients. All CA components end up in the build directory specified at the command line,
typically
/root/ssl-build
Proxies). To generate a CA SSL key pair, issue a command like this:
rhn-ssl-tool --gen-ca --password=MY_CA_PASSWORD --dir="/root/ssl-build" \
--set-state="North
--set-org-unit="SSL CA Unit"
Replace the example values with those appropriate for your organization. This will result
in the following relevant files in the specified build directory:
•
RHN-ORG-PRIVATE-SSL-KEY
•
RHN-ORG-TRUSTED-SSL-CERT
rhn-ssl-tool --gen-server --help
(or
/etc/sysconfig/rhn/ssl
Carolina" --set-city="Raleigh" --set-org="Example Inc." \
— the CA SSL private key
— the CA SSL public certificate
Description
Rarely used - Conduct all
server-related steps except RPM
generation.
Rarely changed - RPM name that
houses the Web server's SSL key set
(the base filename, not
filename-version-release.noarch.rpm).
Rarely changed - Name of .tar archive
of the Web server's SSL key set and
CA public certificate that is used
solely by the hosted RHN Proxy
Server installation routines (the base
filename, not
filename-version-release.tar).
for older Satellites and
21
)