Show Table of Contents
Chapter 7. Using Qpid SSL Certificates
This chapter shows you how to update Qpid SSL certficates generated by the nss-db-gen script.
The following certificates generated by
nss-db-gen have an expiration date:
- /etc/pki/rhua/qpid-ca.crt
- /etc/pki/rhua/qpid-client.crt
Procedure 7.1. Checking Certificate Expiration Date
- To determine the expiration date of any of the three certificates, run this command:
# openssl x509 -text -in /etc/pki/rhua/$file | less
- Go to the
Validitysection to see the expiration date.Validity Not After : Sep 9 12:41:20 2013 GMT
Procedure 7.2. Updating Qpid SSL Certificates
- On the Red Hat Update Appliance server, edit the
nss-db-genscript with your preferred text editor. Change theVALIDsection to 48:# vi /usr/bin/nss-db-gen VALID="48"
- Execute the
nss-db-genscript.# nss-db-gen
- Edit the latest answers file.
# vi myanswersfile
Update theversionparameter to a higher number. For example, if theversionis 1.1, update it to 1.2:[general] version: 1.2
- Execute
rhui-installerusing the updated answers file.# rhui-installer myanswersfile
- Copy the updated configuration RPMs to the CDS servers.
# scp /tmp/rhui/rh-cds1-config-1.2-2.el6.noarch.rpm root@host-cds1.com:/root # scp /tmp/rhui/rh-cds2-config-1.2-2.el6.noarch.rpm root@host-cds2.com:/root
- On the Red Hat Update Appliance server, install the configuration RPM.
# yum install /tmp/rhui/rh-rhua-config-1.2-2.el6.noarch.rpm
- On the CDS servers, install the configuration RPM.CDS1:
# yum install rh-cds1-config-1.2-2.el6.noarch.rpm
CDS2:# yum install rh-cds2-config-1.2-2.el6.noarch.rpm
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.