-
Language:
English
-
Language:
English
Chapter 7. Using Qpid SSL Certificates
This chapter shows you how to update Qpid SSL certficates generated by the nss-db-gen script.
The following certificates generated by
nss-db-gen
have an expiration date:
- /etc/pki/rhua/qpid-ca.crt
- /etc/pki/rhua/qpid-client.crt
Procedure 7.1. Checking Certificate Expiration Date
- To determine the expiration date of any of the three certificates, run this command:
# openssl x509 -text -in /etc/pki/rhua/$file | less
- Go to the
Validity
section to see the expiration date.Validity Not After : Sep 9 12:41:20 2013 GMT
Procedure 7.2. Updating Qpid SSL Certificates
- On the Red Hat Update Appliance server, edit the
nss-db-gen
script with your preferred text editor. Change theVALID
section to 48:# vi /usr/bin/nss-db-gen VALID="48"
- Execute the
nss-db-gen
script.# nss-db-gen
- Edit the latest answers file.
# vi myanswersfile
Update theversion
parameter to a higher number. For example, if theversion
is 1.1, update it to 1.2:[general] version: 1.2
- Execute
rhui-installer
using the updated answers file.# rhui-installer myanswersfile
- Copy the updated configuration RPMs to the CDS servers.
# scp /tmp/rhui/rh-cds1-config-1.2-2.el6.noarch.rpm root@host-cds1.com:/root # scp /tmp/rhui/rh-cds2-config-1.2-2.el6.noarch.rpm root@host-cds2.com:/root
- On the Red Hat Update Appliance server, install the configuration RPM.
# yum install /tmp/rhui/rh-rhua-config-1.2-2.el6.noarch.rpm
- On the CDS servers, install the configuration RPM.CDS1:
# yum install rh-cds1-config-1.2-2.el6.noarch.rpm
CDS2:# yum install rh-cds2-config-1.2-2.el6.noarch.rpm