Deploying The Ca Ssl Public Certificate To Clients; Configuring Client Systems - Red Hat NETWORK SATELLITE 5.3.0 - CLIENT Configuration Manual

Deploying the CA SSL Public Certificate to Clients

3.3. Deploying the CA SSL Public Certificate to Clients
Both the RHN Proxy Server and RHN Satellite Server installation processes make client deployment
relatively easy by generating a CA SSL public certificate and RPM. These installation processes make
those publicly available by placing a copy of one or both into the /var/www/html/pub/ directory of
the RHN Server.
This public directory can be inspected easily by simply browsing to it via any web browser: http://
proxy-or-sat.example.com/pub/.
The CA SSL public certificate in that directory can be downloaded to a client system using wget or
curl. For example:
curl -O http://proxy-or-sat.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT
wget http://proxy-or-sat.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT
Alternatively, if the CA SSL public certificate RPM resides in the /pub directory, it can be installed on a
client system directly:
rpm -Uvh \
http://proxy-or-sat.example.com/pub/rhn-org-trusted-ssl-cert-VER-
REL.noarch.rpm
Confirm the actual name of the certificate or RPM before running these commands.

3.4. Configuring Client Systems

Once the RPM or raw certificate has been deployed to a client system, the administrator of that
system must then alter the configuration files of the Red Hat Update Agent and the Red Hat Network
Registration Client (if necessary) to use the new CA SSL public certificate file and connect to the
appropriate RHN Proxy Server or RHN Satellite Server. The generally accepted location for that CA
SSL public certificate is in the /usr/share/rhn directory.
The RHN Proxy Server and RHN Satellite Server both have RHN Bootstrap installed by default,
which can greatly reduce these repetitive steps and simplify the process of registering and configuring
Chapter 5, Using RHN Bootstrap
client systems. Please refer for details.
17