The Rhn Ssl Maintenance Tool - Red Hat NETWORK SATELLITE 5.1.0 - CLIENT Configuration Manual

Chapter 3. SSL Infrastructure
often refer to a Web server's key set; this is because there is an intermediary SSL certificate
request that is generated. The details of what this is used for are not important to this
discussion. All three are deployed to an RHN Server.
Here's a scenario: If you have one RHN Satellite Server and five RHN Proxy Servers, you will
generate one CA SSL key pair and six Web server SSL key sets. The CA SSL public certificate
is distributed to all systems and used by all clients to establish a connection to their respective
upstream servers. Each server has its own SSL key set that is specifically tied to that server's
hostname and generated using its own SSL private key and the CA SSL private key in
combination. This establishes a digitally verifiable association between the Web server's SSL
public certificate and the CA SSL key pair and server's private key. The Web server's key set
cannot be shared with other web servers.
Important
The most critical portion of this system is the CA SSL key pair. From that private
key and public certificate an administrator can regenerate any Web server's SSL
key set. This CA SSL key pair must be secured. It is highly recommended that
once the entire RHN infrastructure of servers is set up and running, you archive
the SSL build directory generated by this tool and/or the installers onto separate
media, write down the CA password, and secure the media and password in a
safe place.

2. The RHN SSL Maintenance Tool

Red Hat Network provides a command line tool to ease management of your secure
infrastructure: the RHN SSL Maintenance Tool, commonly known by its command
. This tool is available as part of the
rhn-ssl-tool
can be found within the software channels for the the latest RHN Proxy Server and RHN
Satellite Server (as well as the RHN Satellite Server ISO). RHN SSL Maintenance Tool
enables you to generate your own Certificate Authority SSL key pair, as well as Web server SSL
key sets (sometimes called key pairs).
This tool is only a build tool. It generates all of the SSL keys and certificates that are required. It
also packages the files in RPM format for quick distribution and installation on all client
machines. It does not deploy them, however. That is left to the administrator, or in many cases,
automated by the RHN Satellite Server.
Note
The
rhns-certs-tools
on any current Red Hat Enterprise Linux system with minimal requirements. This
12
rhns-certs-tools
, which contains
rhn-ssl-tool
package. This package
, can be installed and run