3.3. Deploying the CA SSL Public Certificate to Clients

Both the RHN Proxy Server and RHN Satellite Server installation processes make client deployment relatively easy by generating a CA SSL public certificate and RPM. These installation processes make those publicly available by placing a copy of one or both into the /var/www/html/pub/ directory of the RHN Server.

This public directory can be inspected easily by simply browsing to it via any web browser: http://proxy-or-sat.example.com/pub/.

The CA SSL public certificate in that directory can be downloaded to a client system using wget or curl. For example:

curl -O http://proxy-or-sat.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT

wget http://proxy-or-sat.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT

Alternatively, if the CA SSL public certificate RPM resides in the /pub directory, it can be installed on a client system directly:

rpm -Uvh \
http://proxy-or-sat.example.com/pub/rhn-org-trusted-ssl-cert-VER-REL.noarch.rpm

Confirm the actual name of the certificate or RPM before running these commands.