Red Hat NETWORK 3.6 - Dokumentacja Pobierz pdf (Strona 15)

The installation procedures of both the RHN Satellite Server and the RHN Proxy Server ensure the CA

SSL public certificate is deployed to the /pub directory of each server. This public certificate is used by

the client systems to connect to the RHN Server. Refer to Section 3.3, “Deploying the CA SSL Public

Certificate to Clients” for more information.

In short, if your organization's RHN infrastructure deploys the latest version of RHN Satellite Server as

its top-level service, you will likely have little need to use the tool. Otherwise, become familiar with its

usage.

3.2.1. SSL Generation Explained

The primary benefits of using the RHN SSL Maint enance Tool are security, flexibility, and portability.

Security is achieved through the creation of distinct Web server SSL keys and certificates for each RHN

server, all signed by a single Certificate Authority SSL key pair created by your organization. Flexibility is

supplied by the tool's ability to work on any machine that has the rhns-certs-tools package

installed. Portability exists in a build structure that can be stored anywhere for safe keeping and then

installed wherever the need arises.

Again, if your infrastructure's top-level RHN Server is the most current RHN Satellite Server, the most

you may have to do is restore your ssl-build tree from an archive to the /root directory and utilize

the configuration tools provided within the RHN Satellite Server's website.

To make the best use of the RHN SSL Maintenance Tool, complete the following high-level tasks in

roughly this order. Refer to the remaining sections for the required details:

1. Install the rhns-certs-tools package on a system within your organization, perhaps but not

necessarily the RHN Satellite Server or RHN Proxy Server.

2. Create a single Certificate Authority SSL key pair for your organization and install the resulting

RPM or public certificate on all client systems.

3. Create a Web server SSL key set for each of the Proxies and Satellites to be deployed and install

the resulting RPMs on the RHN Servers, restarting the httpd service afterwards:

/sbi n/service httpd restart

4. Archive the SSL build tree - consisting of the primary build directory and all subdirectories and files

- to removable media, such as a floppy disk. (Disk space requirements are insignificant.)

5. Verify and then store that archive in a safe location, such as the one described for backups in the

Additional Requirements sections of either the Proxy or Satellite installation guide.

6. Record and secure the CA password for future use.

7. Delete the build tree from the build system for security purposes, but only once the entire RHN

infrastructure is in place and configured.

8. When additional Web server SSL key sets are needed, restore the build tree on a system running

the RHN SSL Maintenance Tool and repeat steps 3 through 7.

3.2.2. RHN SSL Maintenance Tool Options

The RHN SSL Maintenance Tool offers a plethora of command line options for generating your

Certificate Authority SSL key pair and managing your server SSL certificates and keys. The tool offers

essentially three command line option help listings: rhn-ssl-tool --help (general), rhn-ssl-tool

--gen-ca --help (Certificate Authority), and rhn-ssl-tool --gen-server --help (Web

server). The manual page for rhn-ssl-tool is also quite detailed and available to assist: m an rhn-ssl-

tool.

The two tables below break down the options by their related task, either CA or Web server SSL key set

Red Hat Network Satellite 5.4 Client Configuration Guide

1 2 ... 10 11 12 13 14 15 16 17 18 19 20 ... 41 42

Komentarze do niniejszej Instrukcji

Brak uwag

Red Hat NETWORK 3.6 - Dokumentacja Strona 15

Komentarze do niniejszej Instrukcji

Powiązane produkty i podręczniki dla Serwery Red Hat NETWORK 3.6 -