Generating the Certificate Authority SSL Key Pair15Option Description--cert-only Rarely used - Generate only a servercertificate. Review --gen-server --cert-only --help for more information.--rpm-only Rarely used - Generate only an RPM fordeployment. Review --gen-server --rpm-only --help for more information.--no-rpm Rarely used - Conduct all server-relatedsteps except RPM generation.--server-rpm=SERVER_RPM Rarely changed - RPM name that housesthe Web server's SSL key set (thebase filename, not filename-version-release.noarch.rpm).--server-tar=SERVER_TAR Rarely changed - Name of .tar archive ofthe Web server's SSL key set and CA publiccertificate that is used solely by the hostedRHN Proxy Server installation routines(the base filename, not filename-version-release.tar).Table 3.2. SSL Web Server Options (rhn-ssl-tool --gen-server --help)3.2.3. Generating the Certificate Authority SSL Key PairBefore creating the SSL key set required by the Web server, you must generate a Certificate Authority(CA) SSL key pair. A CA SSL public certificate is distributed to client systems of the Satellite or Proxy.The RHN SSL Maintenance Tool allows you to generate a CA SSL key pair if needed and re-use itfor all subsequent RHN server deployments.The build process automatically creates the key pair and public RPM for distribution to clients. All CAcomponents end up in the build directory specified at the command line, typically /root/ssl-build(or /etc/sysconfig/rhn/ssl for older Satellites and Proxies). To generate a CA SSL key pair,issue a command like this:rhn-ssl-tool --gen-ca --password=MY_CA_PASSWORD --dir="/root/ssl-build" \--set-state="North Carolina" --set-city="Raleigh" --set-org="Example Inc."\--set-org-unit="SSL CA Unit"Replace the example values with those appropriate for your organization. This will result in thefollowing relevant files in the specified build directory:• RHN-ORG-PRIVATE-SSL-KEY — the CA SSL private key• RHN-ORG-TRUSTED-SSL-CERT — the CA SSL public certificate• rhn-org-trusted-ssl-cert-VER-REL.noarch.rpm — the RPM prepared for distribution toclient systems. It contains the CA SSL public certificate (above) and installs it in this location: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT• rhn-ca-openssl.cnf — the SSL CA configuration file