that has the rhns-certs-tools package installed. Portability exists in a build structure that canbe stored anywhere for safe keeping and then installed wherever the need arises.Again, if your infrastructure's top-level RHN Server is the most current RHN Satellite Server, themost you may have to do is restore your ssl-build tree from an archive to the /root directoryand utilize the configuration tools provided within the RHN Satellite Server's website.To make the best use of the RHN SSL Maintenance Tool, complete the following high-leveltasks in roughly this order. Refer to the remaining sections for the required details:1. Install the rhns-certs-tools package on a system within your organization, perhaps but notnecessarily the RHN Satellite Server or RHN Proxy Server.2. Create a single Certificate Authority SSL key pair for your organization and install theresulting RPM or public certificate on all client systems.3. Create a Web server SSL key set for each of the Proxies and Satellites to be deployed andinstall the resulting RPMs on the RHN Servers, restarting the httpd service afterwards:/sbin/service httpd restart4. Archive the SSL build tree - consisting of the primary build directory and all subdirectoriesand files - to removable media, such as a floppy disk. (Disk space requirements areinsignificant.)5. Verify and then store that archive in a safe location, such as the one described for backups inthe Additional Requirements sections of either the Proxy or Satellite installation guide.6. Record and secure the CA password for future use.7. Delete the build tree from the build system for security purposes, but only once the entireRHN infrastructure is in place and configured.8. When additional Web server SSL key sets are needed, restore the build tree on a systemrunning the RHN SSL Maintenance Tool and repeat steps 3 through 7.2.2. RHN SSL Maintenance Tool OptionsThe RHN SSL Maintenance Tool offers a plethora of command line options for generating yourCertificate Authority SSL key pair and managing your server SSL certificates and keys. The tooloffers essentially three command line option help listings: rhn-ssl-tool --help (general),rhn-ssl-tool --gen-ca --help (Certificate Authority), and rhn-ssl-tool --gen-server--help (Web server). The manual page for rhn-ssl-tool is also quite detailed and available toassist: man rhn-ssl-tool.The two tables below break down the options by their related task, either CA or Web server SSLkey set generation.Chapter 3. SSL Infrastructure14