Important
The most critical portion of this system is the CA SSL key pair. From that private key and public
certificate an administrator can regenerate any Web server's SSL key set. This CA SSL key pair
must be secured. It is highly recommended that once the entire RHN infrastructure of servers is
set up and running, you archive the SSL build directory generated by this tool and/or the installers
onto separate media, write down the CA password, and secure the media and password in a safe
place.
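The dependency described in the note above, as an added example that is not part of the original guide: it uses plain openssl rather than rhn-ssl-tool, and every name, password and file name in it is constructed. It shows that a rebuilt Web server key set is accepted by a client holding only the CA certificate, that a set signed by a different CA is rejected, and that the archived CA key cannot sign anything without its password.

```shell
#!/bin/sh
# Added illustration with plain openssl; rhn-ssl-tool itself is not invoked.
# Every name, password and file name below is constructed for the example.
# (pass: on the command line is for the example only; it shows in process lists.)
CA_PASS='constructed-ca-password'

# make_ca DIR: CA private key (encrypted with CA_PASS) + self-signed CA certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -days 30 -passout "pass:$CA_PASS" \
        -subj "/O=Example Org/CN=Example CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    chmod 600 "$1/ca.key"
}

# make_server_set CA_DIR HOSTNAME TAG PASSWORD: new Web server key + certificate
# signed by the CA in CA_DIR. Fails if PASSWORD does not unlock the CA key.
make_server_set() {
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example Org/CN=$2" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 30 -passin "pass:$4" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$3.crt" 2>/dev/null
}

# trusted_by CA_CERT CERT: succeeds only if CERT chains to CA_CERT.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: prints what a client that holds only ca.crt accepts.
demo() {
    d=$(mktemp -d) && mkdir "$d/other" || return 1
    make_ca "$d" && make_ca "$d/other" || return 1
    make_server_set "$d" web.example.com original "$CA_PASS"
    make_server_set "$d" web.example.com rebuilt "$CA_PASS"   # first set lost, rebuilt from the CA
    make_server_set "$d/other" web.example.com foreign "$CA_PASS"
    for c in "$d/original.crt" "$d/rebuilt.crt" "$d/other/foreign.crt"; do
        if trusted_by "$d/ca.crt" "$c"; then echo "accepted: ${c#"$d"/}"
        else echo "rejected: ${c#"$d"/}"; fi
    done
    make_server_set "$d" web.example.com nopass wrong-password ||
        echo "rejected: signing without the CA password"
    rm -rf "$d"
}
demo
```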
3.2. The RHN SSL Maintenance Tool
Red Hat Network provides a command line tool to ease management of your secure infrastructure: the
RHN SSL Maintenance Tool, commonly known by its command rhn-ssl-tool. This tool is available
as part of the rhns-certs-tools package. This package can be found within the software channels
for the latest RHN Proxy Server and RHN Satellite Server (as well as the RHN Satellite Server ISO). RHN
SSL Maintenance Tool enables you to generate your own Certificate Authority SSL key pair, as well
as Web server SSL key sets (sometimes called key pairs).
This tool is only a build tool. It generates all of the SSL keys and certificates that are required. It also
packages the files in RPM format for quick distribution and installation on all client machines. It does not
deploy them, however. That is left to the administrator, or in many cases, automated by the RHN Satellite
Server.
Note
The rhns-certs-tools package, which contains rhn-ssl-tool, can be installed and run on any
current Red Hat Enterprise Linux system with minimal requirements. This is offered as a
convenience for administrators who wish to manage their SSL infrastructure from their
workstation or another system other than their RHN Server(s).
Here are the cases in which the tool is required:
• When updating your CA public certificate - this is rare.
• When installing an RHN Proxy Server version 3.6 or later that connects to the central RHN Servers
  as its top-level service - the hosted service, for security reasons, cannot be a repository for your CA
  SSL key and certificate, which is private to your organization.
• When reconfiguring your RHN infrastructure to use SSL where it previously did not.
• When adding RHN Proxy Servers of versions prior to 3.6 into your RHN infrastructure.
• When adding multiple RHN Satellite Servers to your RHN infrastructure - consult with a Red Hat
  representative for instructions regarding this.
Here are the cases in which the tool is not required:
• During installation of an RHN Satellite Server - all SSL settings are configured during the installation
  process. The SSL keys and certificate are built and deployed automatically.
• During installation of an RHN Proxy Server version 3.6 or later if connected to an RHN Satellite
  Server version 3.6 or later as its top-level service - the RHN Satellite Server contains all of the SSL
  information needed to configure, build and deploy the RHN Proxy Server's SSL keys and certificates.