8.2.2.2. Deploying Client SSL Certificates
To ensure secure data transfer, Red Hat strongly recommends the use of SSL. The RHN Satellite Server eases implementation of SSL by generating the necessary certificates during its installation. The server-side certificate is automatically installed on the Satellite itself, while the client certificate is placed in the
/pub/ directory of the Satellite's Web server.
To install the certificate, follow these steps for each client:
- Download the SSL certificate from the
/var/www/html/pub/directory of the RHN Satellite Server onto the client system. The certificate will be named something similar toRHN-ORG-TRUSTED-SSL-CERT. It is accessible via the web at the following URL:https://your-satellite.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT. - Move the client SSL certificate to the RHN-specific directory for your UNIX variant. For Solaris, this can be accomplished with a command similar to:
mv /path/to/RHN-ORG-TRUSTED-SSL-CERT /opt/redhat/rhn/solaris/usr/share/rhn/
When finished, the new client certificate will be installed in the appropriate directory for your UNIX system. If you have a large number of systems to prepare for RHN management, you may script this entire process.
Now you must reconfigure the RHN client applications to refer to the newly installed SSL certificate. Refer to Section 8.2.2.3, “Configuring the clients” for instructions.
