7.7. Managing Secure Connections to the Subscription Server

Red Hat Subscription Manager assumes, by default, that the subscription clients connect to the subscription service using a secure (SSL) connection. This requires that the CA certificate of the subscription service be downloaded and available locally for the client and that the appropriate connections be configured.
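For example, the connection parameters can be set with the config command. This example sets insecure to 1, which selects an insecure connection as described in the list below: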
[root@server1 ~]# subscription-manager config --server.insecure=1 --server.proxy_port=8080 --server.ca_cert_dir=/etc/rhsm/ca --server.port=443
All connection parameters are described in Table 7, “rhsm.conf Parameters”. There are three parameters directly related to the secure connection:
  • insecure to set whether to use a secure (0) or insecure (1) connection
  • ca_cert_dir for the directory location for the CA certificate for authentication and verification
  • port for the subscription service port; this should be an SSL port if a secure connection is required
There is also an optional parameter to set how far in a certificate chain to go to validate a certificate. By default, this is three, meaning the server validates three CAs back in the issuing chain.
ssl_verify_depth = 3
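The following check is an added example, not part of the original page and not Red Hat code. It audits an rhsm.conf-style file for the parameters discussed above. It assumes the parameters sit in the [server] section (as the server. prefix in the command implies) and that CA certificates are stored as *.pem files; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat code): audit the [server] section of an
# rhsm.conf-style file for the connection parameters discussed above.

# Print the value of key $2 in the [server] section of file $1 (empty if unset).
rhsm_server_value() {
    awk -F= -v key="$2" '
        /^[ \t]*\[/ { in_server = ($0 ~ /^[ \t]*\[server\]/); next }
        in_server && $0 !~ /^[ \t]*[#;]/ {
            k = $1; gsub(/[ \t]/, "", k)
            if (k != key) next
            v = $0; sub(/^[^=]*=/, "", v)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v); val = v
        }
        END { print val }' "$1"
}

# Print one FAIL line per finding; return 0 only if there are none.
audit_rhsm_conf() {
    conf=$1; rc=0
    insecure=$(rhsm_server_value "$conf" insecure)
    ca_dir=$(rhsm_server_value "$conf" ca_cert_dir)
    depth=$(rhsm_server_value "$conf" ssl_verify_depth)
    # Unset values fall back to the defaults the text states: secure, depth 3.
    if [ "${insecure:-0}" != "0" ]; then
        echo "FAIL insecure=$insecure"; rc=1
    fi
    if [ -z "$ca_dir" ] || [ ! -d "$ca_dir" ]; then
        echo "FAIL ca_cert_dir missing or not a directory"; rc=1
    elif ! ls "$ca_dir"/*.pem >/dev/null 2>&1; then   # assumption: CA certs are *.pem
        echo "FAIL no CA certificate in $ca_dir"; rc=1
    fi
    case "${depth:-3}" in
        *[!0-9]*) echo "FAIL ssl_verify_depth=$depth is not a number"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample mirroring the command above (insecure=1), run as a demo.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/ca" && : > "$demo_dir/ca/example-ca.pem"
printf '[server]\ninsecure = 1\nca_cert_dir = %s/ca\nport = 443\n' "$demo_dir" > "$demo_dir/rhsm.conf"
audit_rhsm_conf "$demo_dir/rhsm.conf" || echo "audit failed"
```

The check only confirms that a .pem file is present in the directory; it does not parse the certificate or validate the issuing chain.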