Ssl Generation Explained - Red Hat NETWORK SATELLITE 5.1.0 - CLIENT Configuration Manual

is offered as a convenience for administrators who wish to manage their SSL
infrastructure from their workstation or another system other than their RHN
Server(s).
Here are the cases in which the tool is required:
• When updating your CA public certificate - this is rare.
• When installing an RHN Proxy Server version 3.6 or later that connects to the central RHN
Servers as its top-level service - the hosted service, for security reasons, cannot be a
repository for your CA SSL key and certificate, which is private to your organization.
• When reconfiguring your RHN infrastructure to use SSL where it previously did not.
• When adding RHN Proxy Servers of versions prior to 3.6 into your RHN infrastructure.
• When adding multiple RHN Satellite Servers to your RHN infrastructure - consult with a Red
Hat representative for instructions regarding this.
Here are the cases in which the tool is not required:
• During installation of an RHN Satellite Server - all SSL settings are configured during the
installation process. The SSL keys and certificate are built and deployed automatically.
• During installation of an RHN Proxy Server version 3.6 or later if connected to an RHN
Satellite Server version 3.6 or later as its top-level service - the RHN Satellite Server contains
all of the SSL information needed to configure, build and deploy the RHN Proxy Server's SSL
keys and certificates.
The installation procedures of both the RHN Satellite Server and the RHN Proxy Server ensure
the CA SSL public certificate is deployed to the
certificate is used by the client systems to connect to the RHN Server. Refer to
"Deploying the CA SSL Public Certificate to Clients"
In short, if your organization's RHN infrastructure deploys the latest version of RHN Satellite
Server as its top-level service, you will likely have little need to use the tool. Otherwise, become
familiar with its usage.

2.1. SSL Generation Explained

The primary benefits of using the RHN SSL Maintenance Tool are security, flexibility, and
portability. Security is achieved through the creation of distinct Web server SSL keys and
certificates for each RHN server, all signed by a single Certificate Authority SSL key pair
created by your organization. Flexibility is supplied by the tool's ability to work on any machine
SSL Generation Explained
directory of each server. This public
/pub
for more information.
Section 3,
13