Red Hat NETWORK 3.6 - Spezifikationen PDF herunterladen (Seite 20)

-v, --verbose Display verbose messaging. Accumulative -

added "v"s result in increasing detail.

--key-only Rarely used - Generate only a server

private key. Review --gen-server --

key-only --help for more information.

--cert-req-only Rarely used - Generate only a server

certificate request. Review --gen-server

--cert-req-only --help for more

information.

--cert-only Rarely used - Generate only a server

certificate. Review --gen-server --

cert-only --help for more information.

--rpm -only Rarely used - Generate only an RPM for

deployment. Review --gen-server --

rpm-only --help for more information.

--no-rpm Rarely used - Conduct all server-related

steps except RPM generation.

--server-rpm=SERVER_RPM Rarely changed - RPM name that houses

the Web server's SSL key set (the base

filename, not filename-version-

release.noarch.rpm).

--server-tar=SERVER_TAR Rarely changed - Name of .tar archive of

the Web server's SSL key set and CA

public certificate that is used solely by the

hosted RHN Proxy Server installation

routines (the base filename, not filename-

version-release.tar).

3.2.3. Generating the Certificate Authority SSL Key Pair

Before creating the SSL key set required by the Web server, you must generate a Certificate Authority

(CA) SSL key pair. A CA SSL public certificate is distributed to client systems of the Satellite or Proxy.

The RHN SSL Maintenance Tool allows you to generate a CA SSL key pair if needed and re-use it for

all subsequent RHN server deployments.

The build process automatically creates the key pair and public RPM for distribution to clients. All CA

components end up in the build directory specified at the command line, typically /root/ssl-build (or

/etc/sysconfig/rhn/ssl for older Satellites and Proxies). To generate a CA SSL key pair, issue a

command like this:

rhn-ssl-tool --gen-ca --password=MY_CA_PASSWORD --dir="/root/ssl-build" \

--set-state="North Carolina" --set-city="Raleigh" --set-org="Example Inc." \

--set-org-unit="SSL CA Unit"

Replace the example values with those appropriate for your organization. This will result in the following

relevant files in the specified build directory:

RHN-ORG-PRIVAT E-SSL-KEY — the CA SSL private key

RHN-ORG-TRUSTED-SSL-CERT — the CA SSL public certificate

rhn-org-trusted-ssl-cert-VER-REL.noarch.rpm — the RPM prepared for distribution to

client systems. It contains the CA SSL public certificate (above) and installs it in this location:

Chapter 3. SSL Infrastructure

1 2 ... 15 16 17 18 19 20 21 22 23 24 25 ... 41 42

Kommentare zu diesen Handbüchern

Keine Kommentare

Red Hat NETWORK 3.6 - Spezifikationen Seite 20

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für Server Red Hat NETWORK 3.6 -