Chapter 3. SSL Infrastructure

servers. Each server has its own SSL key set that is specifically tied to that server's hostname and generated using its own SSL private key and the CA SSL private key in combination. This establishes a digitally verifiable association between the Web server's SSL public certificate and the CA SSL key pair and server's private key. The Web server's key set cannot be shared with other web servers.

Important

The most critical portion of this system is the CA SSL key pair. From that private key and public certificate an administrator can regenerate any Web server's SSL key set. This CA SSL key pair must be secured. It is highly recommended that once the entire RHN infrastructure of servers is set up and running, you archive the SSL build directory generated by this tool and/or the installers onto separate media, write down the CA password, and secure the media and password in a safe place.

3.2. The RHN SSL Maintenance Tool

Red Hat Network provides a command line tool to ease management of your secure infrastructure: the RHN SSL Maintenance Tool, commonly known by its command rhn-ssl-tool. This tool is available as part of the rhns-certs-tools package. This package can be found within the software channels for the latest RHN Proxy Server and RHN Satellite Server (as well as the RHN Satellite Server ISO). RHN SSL Maintenance Tool enables you to generate your own Certificate Authority SSL key pair, as well as Web server SSL key sets (sometimes called key pairs).

This tool is only a build tool. It generates all of the SSL keys and certificates that are required. It also packages the files in RPM format for quick distribution and installation on all client machines. It does not deploy them, however. That is left to the administrator, or in many cases, automated by the RHN Satellite Server.

Note

The rhns-certs-tools package, which contains rhn-ssl-tool, can be installed and run on any current Red Hat Enterprise Linux system with minimal requirements. This is offered as a convenience for administrators who wish to manage their SSL infrastructure from their workstation or another system other than their RHN Server(s).

Here are the cases in which the tool is required:

• When updating your CA public certificate - this is rare.
• When installing an RHN Proxy Server version 3.6 or later that connects to the central RHN Servers as its top-level service - the hosted service, for security reasons, cannot be a repository for your CA SSL key and certificate, which is private to your organization.
• When reconfiguring your RHN infrastructure to use SSL where it previously did not.
• When adding RHN Proxy Servers of versions prior to 3.6 into your RHN infrastructure.
• When adding multiple RHN Satellite Servers to your RHN infrastructure - consult with a Red Hat representative for instructions regarding this.

Here are the cases in which the tool is not required: