/usr/share/rhn/RHN-ORG-TRUST ED-SSL-CERT
rhn-ca-openssl.cnf — the SSL CA configuration file
latest.txt — always lists the latest versions of the relevant files.
Once finished, you're ready to distribute the RPM to client systems. Refer to Section 3.3, “Deploying the
CA SSL Public Certificate to Clients”.
3.2.4. Generating Web Server SSL Key Sets
Although you must have a CA SSL key pair already generated, you will likely generate web server SSL
key sets more frequently, especially if more than one Proxy or Satellite is deployed. Note that the value
for --set-hostname is different for each server. In other words, a distinct set of SSL keys and
certificates must be generated and installed for every distinct RHN server hostname.
The server certificate build process works much like CA SSL key pair generation with one exception: All
server components end up in subdirectories of the build directory that reflect the build system's machine
name, such as /root/ssl-build/MACHINE_NAME. To generate server certificates, issue a command
like this:
rhn-ssl-tool --gen-server --password=MY_CA_PASSWORD --dir="/root/ssl-build" \
--set-state="North Carolina" --set-city="Raleigh" --set-org="Example Inc." \
--set-org-unit="IS/IT" --set-email="adm in@example.com" \
--set-hostname="rhnbox1.example.com
Replace the example values with those appropriate for your organization. This will result in the following
relevant files in a machine-specific subdirectory of the build directory:
server.key — the Web server's SSL private server key
server.csr — the Web server's SSL certificate request
server.crt — the web server's SSL public certificate
rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm — the RPM prepared
for distribution to RHN Servers. Its associated src.rpm file is also generated. This RPM contains the
above three files. It will install them in these locations:
/etc/httpd/conf/ssl.key/server.key
/etc/httpd/conf/ssl.csr/server.csr
/etc/httpd/conf/ssl.crt/server.crt
rhn-server-openssl.cnf — the Web server's SSL configuration file
latest.txt — always lists the latest versions of the relevant files.
Once finished, you're ready to distribute and install the RPM on its respective RHN Server. Note that the
httpd service must be restarted after installation:
/sbi n/service httpd restart
3.3. Deploying the CA SSL Public Certificate to Clients
Both the RHN Proxy Server and RHN Satellite Server installation processes make client deployment
relatively easy by generating a CA SSL public certificate and RPM. These installation processes make
those publicly available by placing a copy of one or both into the /var/www/htm l/pub/ directory of the
RHN Server.
(42 strony)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji