Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
Chapter 3. Authenticating API Calls
Interaction with the Satellite API requires authentication. You can download the Satellite Server CA certificate to your local host for use in each API request to provide SSL authentication. Each API request also requires a valid user name and password. Each of these is discussed in the following sections.
3.1. Using SSL Authentication
Copia collegamentoCollegamento copiato negli appunti!
Red Hat Satellite uses HTTPS, which provides a degree of encryption and identity verification when communicating with a Red Hat Satellite Server. Non-SSL communications are not supported by Satellite 6.
Each Red Hat Satellite Server uses a self signed certificate. This certificate acts as both the server certificate to verify the encryption key and the certificate authority (CA) to trust the identity of the Satellite Server. The following steps show how to set up a SSL authentication for the Satellite Server (in this case satellite6.example.com):
- Obtain a certificate from the Satellite Server with which you want to communicate (satellite6.example.com) using one of the following options:
- To obtain a certificate using SSH, run the following command:
scp root@satellite6.example.com:/var/www/html/pub/katello-server-ca.crt ./
$ scp root@satellite6.example.com:/var/www/html/pub/katello-server-ca.crt ./scp root@satellite6.example.com:/var/www/html/pub/katello-server-ca.crt ./scp root@satellite6.example.com:/var/www/html/pub/katello-server-ca.crt ./Copy to Clipboard Copied! Toggle word wrap Toggle overflow - If you execute the command directly on the Satellite Server, obtain a certificate from the locally available copy by running the following command:
cp /var/www/html/pub/katello-server-ca.crt ./
$ cp /var/www/html/pub/katello-server-ca.crt ./Copy to Clipboard Copied! Toggle word wrap Toggle overflow - To obtain a certificate using HTTP, run the following command:
curl -O http://satellite6.example.com/pub/katello-server-ca.crt
$ curl -O http://satellite6.example.com/pub/katello-server-ca.crtcurl -O http://satellite6.example.com/pub/katello-server-ca.crtcurl -O http://satellite6.example.com/pub/katello-server-ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow Warning
Retrieving a certificate using an unencrypted HTTP connection might present a security risk.
- Use the certificate on your client as a certificate authority to verify the identity of the Satellite Server:
curl -X GET -u sat_username:sat_password \ -H "Accept:application/json" --cacert katello-server-ca.crt \ https://satellite6.example.com/katello/api/organizations
$ curl -X GET -u sat_username:sat_password \curl -X GET -u sat_username:sat_password \curl -X GET -u sat_username:sat_password \curl -X GET -u sat_username:sat_password \curl -X GET -u sat_username:sat_password \ -H "Accept:application/json" --cacert katello-server-ca.crt \ https://satellite6.example.com/katello/api/organizationshttps://satellite6.example.com/katello/api/organizationshttps://satellite6.example.com/katello/api/organizationsCopy to Clipboard Copied! Toggle word wrap Toggle overflow GETis the default action and therefore-X GETattribute can be omitted here. - Create a Network Security Services (NSS) database to store the certificate:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow If the NSS database already exists you will be prompted for the password as follows:Enter Password or Pin for "NSS Certificate DB":
Enter Password or Pin for "NSS Certificate DB":Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Use the following command to permanently include the certificate in the NSS database:
certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "Red Hat Satellite" \ -i katello-server-ca.crt
$ certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "Red Hat Satellite" \ -i katello-server-ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow This imports the certificate into the NSS database, which means you can omit the--cacertoption for each request. You can test this as follows:Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}