2.3.2. Configuring Red Hat Satellite with a Custom Server Certificate


katello-installer comes with a default CA that is used both for the server SSL certificates and for the client certificates that authenticate the subservices. These certificates can be replaced with custom ones.
You can configure the Satellite Server to use a custom CA certificate at either of two points:
  1. When katello-installer is run the first time
  2. After katello-installer has already been run

Procedure 2.4. Setting a Custom Server Certificate while running katello-installer for the first time

  • Run this command on the Red Hat Satellite Server:
    katello-installer --certs-server-cert ~/path/to/server.crt \
                      --certs-server-cert-req ~/path/to/server.crt.req \
                      --certs-server-key ~/path/to/server.crt.key \
                      --certs-server-ca-cert ~/path/to/cacert.crt
    
    Where:
    • certs-server-cert is the path to your certificate, signed by your certificate authority (or self-signed).
    • certs-server-cert-req is the path to the certificate signing request file that was used to create the certificate.
    • certs-server-key is the path to the private key used to sign the certificate.
    • certs-server-ca-cert is the path to the CA certificate on this system.

Procedure 2.5. Setting a Custom Server Certificate after running katello-installer

  1. The initial run of katello-installer uses the default CA for both server and client certificates. To force deployment of the custom certificates, set the --certs-update-server parameter, and set the --certs-update-server-ca parameter to update the CA certificate:
    katello-installer --certs-server-cert ~/path/to/server.crt \
                      --certs-server-cert-req ~/path/to/server.crt.req \
                      --certs-server-key ~/path/to/server.crt.key \
                      --certs-server-ca-cert ~/path/to/cacert.crt \
                      --certs-update-server --certs-update-server-ca
    
    This will regenerate the katello-ca-consumer package and the server CA certificate.
  2. After the server CA changes, install the new version of the katello-ca-consumer package on the client systems:
    rpm -Uvh http://katello.example.com/pub/katello-ca-consumer-latest.noarch.rpm
    

Important

Use the same custom server certificate on both the Red Hat Satellite Server and the Red Hat Satellite Capsule Server to ensure that the trusted relationship between the two hosts is maintained.
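
Before running either procedure above, it is worth confirming that the four files actually belong together, because a mismatched key or the wrong CA file is easier to diagnose before the installer runs than after. The following is an added example, not part of the Red Hat documentation or of katello-installer: the function names are hypothetical, it assumes the openssl command-line tool is installed and the private key is not passphrase-protected, and make_demo_certs only generates constructed throwaway material for trying the check.

```sh
#!/bin/sh
# Pre-flight consistency check for the four files given to katello-installer.
# Returns 0 if they belong together, 1 otherwise (reason on stderr).
check_satellite_certs() {
    cert=$1 req=$2 key=$3 ca=$4
    for f in "$cert" "$req" "$key" "$ca"; do
        [ -r "$f" ] || { echo "unreadable file: $f" >&2; return 1; }
    done
    # Extract the public key from each artifact; all three must be identical.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate: $cert" >&2; return 1; }
    req_pub=$(openssl req -in "$req" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse signing request: $req" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key: $key" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match the certificate" >&2; return 1; }
    [ "$cert_pub" = "$req_pub" ] ||
        { echo "signing request does not match the certificate" >&2; return 1; }
    # The certificate must verify (signature and validity dates) against
    # the file that will be passed as --certs-server-ca-cert.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against $ca" >&2; return 1; }
    return 0
}

# Constructed sample material: a throwaway CA and a server certificate for
# the made-up host satellite.example.test, written into directory $1.
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/cacert.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=satellite.example.test" \
        -keyout "$d/server.crt.key" -out "$d/server.crt.req" 2>/dev/null &&
    openssl x509 -req -in "$d/server.crt.req" -days 2 -CA "$d/cacert.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/server.crt" 2>/dev/null
}

# Usage with real files, in the same order as the installer options:
#   check_satellite_certs server.crt server.crt.req server.crt.key cacert.crt
```

The same check applies to the certificate files used on the Capsule Server, since the note above requires both hosts to use the same custom server certificate.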
© 2025 Red Hat