2.6. Configuring Capsule Server with SSL Certificates
Red Hat Satellite uses SSL certificates to enable encrypted communications between Satellite Server, external Capsule Servers, and all hosts. Depending on the requirements of your organization, you must configure your Capsule Server with a default or custom certificate.
- If you use a default SSL certificate, you must also configure each external Capsule Server with a distinct default SSL certificate. For more information, see "Configuring Capsule Server with a Default SSL Certificate".
- If you use a custom SSL certificate, you must also configure each external Capsule Server with a distinct custom SSL certificate. For more information, see "Configuring Capsule Server with a Custom SSL Certificate".
2.6.1. Configuring Capsule Server with a Default SSL Certificate
Use this section to configure Capsule Server with an SSL certificate that is signed by the Satellite Server default Certificate Authority (CA).
Prerequisites
Before configuring Capsule Server with a default server certificate, ensure that your Capsule Server meets the following conditions:
- Capsule Server is registered to Satellite Server. For more information, see "Registering to Satellite Server".
- The Capsule Server packages are installed. For more information, see "Installing Capsule Server Packages".
Procedure
To configure Capsule Server with a default server certificate, complete the following steps:
1. On Satellite Server, to store all the source certificate files for your Capsule Server, create a directory that is accessible only to the root user, for example /root/capsule_cert:

   # mkdir /root/capsule_cert

2. On Satellite Server, generate the /root/capsule_cert/capsule_certs.tar certificate archive for your Capsule Server:

   # capsule-certs-generate \
   --foreman-proxy-fqdn capsule.example.com \
   --certs-tar /root/capsule_cert/capsule_certs.tar

   Retain a copy of the satellite-installer command that the capsule-certs-generate command returns for deploying the certificate to your Capsule Server.

   Example output of capsule-certs-generate

3. On Satellite Server, copy the certificate archive file to your Capsule Server:

   # scp /root/capsule_cert/capsule_certs.tar \
   root@capsule.example.com:/root/capsule.example.com-certs.tar

4. On Capsule Server, to deploy the certificate, enter the satellite-installer command that the capsule-certs-generate command returns.

   When network connections or ports to Satellite are not yet open, you can set the --foreman-proxy-register-in-foreman option to false to prevent Capsule from attempting to connect to Satellite and reporting errors. Run the installer again with this option set to true when the network and firewalls are correctly configured.

Important: Do not delete the certificate archive file after you deploy the certificate. It is required, for example, when upgrading Capsule Server.
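The first step of the procedure asks for a directory accessible only to the root user, but a bare mkdir takes its mode from the caller's umask. The following script is an added example, not part of the Satellite documentation: it creates the staging directory with an explicit 0700 mode and audits the directory and the archive inside it for group or other access. The function names are hypothetical, and it assumes GNU stat as shipped on RHEL.

```sh
#!/bin/sh
# Added example (not from the Satellite documentation): audit the directory
# that stages Capsule certificate archives. Requires GNU stat, as on RHEL.

# make_staging DIR: create DIR with mode 0700 regardless of the caller's
# umask. A plain "mkdir DIR" would inherit the umask (0755 under umask 022).
make_staging() {
    mkdir -m 0700 -- "$1"
}

# is_private PATH OWNER_UID: succeed only if PATH exists, is not a symlink,
# is owned by OWNER_UID, and grants nothing to group or other.
is_private() (
    path=$1 owner=$2
    [ -e "$path" ] && [ ! -L "$path" ] || return 1
    mode=$(stat -c '%a' -- "$path") || return 1   # octal mode, e.g. 700
    uid=$(stat -c '%u' -- "$path") || return 1    # numeric owner
    [ "$uid" = "$owner" ] || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]                 # any group/other bit fails
)

# audit_staging DIR OWNER_UID: check DIR and every entry directly inside it.
# Reports each finding on stderr; returns 0 only when everything is private.
audit_staging() (
    dir=$1 owner=$2 bad=0
    [ -d "$dir" ] || { echo "FINDING: $dir is missing" >&2; return 1; }
    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || [ -L "$p" ] || continue    # unmatched glob
        if ! is_private "$p" "$owner"; then
            echo "FINDING: $p is not restricted to uid $owner" >&2
            bad=1
        fi
    done
    return "$bad"
)

# Usage on Satellite Server, as root, with the page's example path:
#   sh audit_staging.sh /root/capsule_cert
if [ "$#" -ge 1 ]; then
    audit_staging "$1" "$(id -u)"
fi
```

The same audit can be run on Capsule Server against the copied archive's directory, since the archive must be kept after deployment.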