Show Table of Contents
4.3. Generating and Using Multi-host SSL Certificates
You need to generate multi-host SSL certificates to take advantage of the ability to use CNAME records on the Satellite Proxy server. You also need to update the
rhn-ca-openssl.cnf file to ensure that the Satellite Proxy server is aware of and uses these certificates.
Procedure 4.2. To Update the SSL Configuration File to use Multi-host Certificates:
- Edit the
/root/ssl-build/rhn-ca-openssl.cnffile and locate the [CA_default] section. - Ensure the entry
copy_extensions = copyexists and is not commented out. - Save and close the file.
Important
You need to complete the above step before you run
configure-proxy.sh with SSL_CNAME set, or the installation will fail.
You also need to update your answers file so that the Satellite Proxy configuration will use the new SSL certificates created previously.
Procedure 4.3. To Update the Answers File to Use Multi-host SSL Certificates:
- Edit the
answers.txtfile that you created for the initial Satellite Proxy installation. If you did not create such a file, you can find an example setup in/usr/share/doc/spacewalk-setup-<version>/answers.txt. - Ensure the following line exists, and is not commented out:
SSL_CNAME = (cname01 cname02 cname03)
- Run the
configure-proxy.shscript with the--answer-fileoption to generate the multi-host SSL certificate. For example:# configure-proxy.sh --answer-file=</path/to/answers.txt>
Note
You can run theconfigure-proxy.shscript multiple times to test or update configurations, as required.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.