Replace the example values with those appropriate for your organization. This will result in thefollowing relevant files in a machine-specific subdirectory of the build directory:• server.key — the Web server's SSL private server key• server.csr — the Web server's SSL certificate request• server.crt — the web server's SSL public certificate• rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm — the RPM preparedfor distribution to RHN Servers. Its associated src.rpm file is also generated. This RPMcontains the above three files. It will install them in these locations:• /etc/httpd/conf/ssl.key/server.key• /etc/httpd/conf/ssl.csr/server.csr• /etc/httpd/conf/ssl.crt/server.crt• rhn-server-openssl.cnf — the Web server's SSL configuration file• latest.txt — always lists the latest versions of the relevant files.Once finished, you're ready to distribute and install the RPM on its respective RHN Server. Notethat the httpd service must be restarted after installation:/sbin/service httpd restart3. Deploying the CA SSL Public Certificate to ClientsBoth the RHN Proxy Server and RHN Satellite Server installation processes make clientdeployment relatively easy by generating a CA SSL public certificate and RPM. Theseinstallation processes make those publicly available by placing a copy of one or both into the/var/www/html/pub/ directory of the RHN Server.This public directory can be inspected easily by simply browsing to it via any web browser:http://proxy-or-sat.example.com/pub/.The CA SSL public certificate in that directory can be downloaded to a client system using wgetor curl. For example:curl -O http://proxy-or-sat.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT wgethttp://proxy-or-sat.example.com/pub/RHN-ORG-TRUSTED-SSL-CERTAlternatively, if the CA SSL public certificate RPM resides in the /pub directory, it can beinstalled on a client system directly:Chapter 3. SSL Infrastructure20