End-to-end HTTPS kickstart process with custom internal CAs
Hello Group,
We use an internal root & intermediate CA infrastructure for our SSL needs, rather than buying public root CA signed certs for all of our hosts. I suspect this is a rather common practice for other small-to-midsize enterprises using RedHat RHN Satellite, so I figured I'd ask a question and offer a howto if there exists the need:
Question: Is there a 'standard' (or automated) way of integrating custom CAs into the HTTPS kickstart process that I missed in the main documentation?
(This includes the initrd.img on the boot ISO/CD, and the install.img in the kickstart build tree)
Follow up offer: If there is not already a documented how-to for enabling end-to-end SSL kickstart builds with custom CA infra, post a reply so that I know there is interest enough in putting together a howto and I'll post how we're doing it at my organization.
Thanks,
- Kodiak Firesmith
Responses
Red Hat
Guru
4309 points
Hi Kodiak, and thanks for your post. I just wanted to let you know that we're looking into this and will get back to you soon.
Hello Kodiak, as long as the certificate chain is set up correctly, it *should* work. You may find the following solution helpful -
https://access.redhat.com/knowledge/solutions/15753 "How do I use a certificate from a third party Certificate Authority (CA) with my Red Hat Network Satellite or Proxy?"
"Follow up offer: If there is not already a documented how-to for enabling end-to-end SSL kickstart builds with custom CA infra, post a reply so that I know there is interest enough in putting together a howto and I'll post how we're doing it at my organization."
I would be interrested in the second part "install.img" in the kickstart build tree.
Thank you
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.