Chapter 2. Authentication

2.1. Using SSL Authentication

Red Hat Satellite uses HTTPS [1], which provides a degree of encryption and identity verification when communicating with a Red Hat Satellite host.
Each Red Hat Satellite host uses a self-signed certificate. This certificate acts as both the server certificate, which verifies the encryption key, and the certificate authority (CA), which establishes trust in the identity of the Red Hat Satellite server.

Procedure 2.1. Obtaining a Certificate

This method uses SSH to copy the server's self-signed certificate.
  1. Use ssh to connect to your Satellite server as the root user:
    # ssh root@satellite.example.com
  2. Search your server's configuration directory for the certificate location:
    # grep -r "SSLCertificateFile" /etc/httpd/conf.d

    Note: The default location of self-signed certificates is usually /var/www/html/pub/katello-server-ca.crt.
  3. Copy this certificate to your client.
    # scp /path/to/ca-cert-file username@client:~/

Use this certificate on your client as a certificate authority (CA) to verify the identity of the host server.

You can use the --cacert option with the curl command as follows:
    # curl -X GET -u admin:changeme -H "Accept:application/json" --cacert /path/to/ca-cert-file https://satellite.example.com/katello/api/organizations

Use the following command to permanently include the certificate in the curl CA store:
    # certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "Red Hat Satellite" -i /path/to/ca-cert-file
This imports the certificate into the Network Security Services (NSS) database, which means you can omit the --cacert option for each request.
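
Because the import makes the CA trusted for every later request, it is worth confirming that the copied file is the certificate the server actually holds. The following is an added example, not part of the original guide: the function names are hypothetical, the paths and host are the placeholders used above, and it assumes the openssl command-line tool is installed on the client.

```shell
#!/bin/sh
# Added example: check the copied Satellite CA file before trusting it.
# Function names are hypothetical; paths and host are the page's placeholders.

# Print the SHA-256 fingerprint of a PEM certificate, e.g. AB:CD:...
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# $1 = local copy, $2 = fingerprint printed by running cert_fingerprint on the
# Satellite server itself. Fails on a mismatch or on an unreadable file.
ca_matches() {
    fp=$(cert_fingerprint "$1")
    [ -n "$fp" ] && [ "$fp" = "$2" ]
}

# Succeeds if the certificate verifies against itself, as the self-signed
# Satellite CA described above should.
is_self_signed() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# $1 = CA file, $2 = host. Needs network access. Succeeds only if the host's
# certificate chains to this CA and names the host (what curl --cacert checks).
server_chains_to_ca() {
    openssl s_client -connect "$2:443" -servername "$2" -CAfile "$1" \
        -verify_hostname "$2" -verify_return_error </dev/null >/dev/null 2>&1
}

# Typical use on the client, before the certutil import:
#   ca_matches /path/to/ca-cert-file "<fingerprint from server>" &&
#   is_self_signed /path/to/ca-cert-file &&
#   server_chains_to_ca /path/to/ca-cert-file satellite.example.com &&
#   echo "CA file verified"
```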


[1] HTTPS is described in RFC 2818 HTTP Over TLS.