Show Table of Contents
2.3.2. Configuring Red Hat Satellite with a Custom Server Certificate
katello-installer comes with a default CA used both for the server ssl certificates as well as the client certificates used for authentication of the subservices. These certificates can be replaced with custom ones.
There are two instances wherein you can configure the Satellite Server to use a custom CA certificate:
- When
katello-installeris run the first time - After
katello-installerhas already been run
Procedure 2.4. Setting a Custom Server Certificate while running katello-installer for the first time
- Run this command on the Red Hat Satellite Server:
katello-installer --certs-server-cert ~/path/to/server.crt\ --certs-server-cert-req ~/path/to/server.crt.req\ --certs-server-key ~/path/to/server.crt.key\ --certs-server-ca-cert ~/path/to/cacert.crtWhere:certs-server-certis the path to your certificate, signed by your certificate authority (or self signed)certs-server-cert-reqis the path to your certificate signing request file that was used to create the certificate.certs-server-keythe private key used to sign the certificatecerts-server-ca-cert~/path/to/cacert.crt the path to the CA certificate on this system.
Procedure 2.5. Setting a Custom Server Certificate after running katello-installer
- The initial run of
katello-installeruses the default CA for both server and client certificates. To enforce custom certificates deployment, set the--certs-update-serverparameter and the--certs-update-server-caparameter to update the CA certificate:katello-installer --certs-server-cert ~/path/to/server.crt\ --certs-server-cert-req ~/path/to/server.crt.req\ --certs-server-key ~/path/to/server.crt.key\ --certs-server-ca-cert ~/path/to/cacert.crt\ --certs-update-server --certs-update-server-ca
This will regenerate the katello-ca-consumer package and the server CA certificate. - After the server CA changes, install the new version of the consumer-ca-consumer package on the client systems:
rpm -Uvh http://katello.example.com/pub/katello-ca-consumer-latest.noarch.rpm
Important
Use the same custom server certificate on both the Red Hat Satellite Server and the Red Hat Satellite Capsule Server to ensure that the trusted relationship between the two hosts is maintained.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.