Chapter 7. Using Qpid SSL Certificates

This chapter shows you how to update Qpid SSL certficates generated by the nss-db-gen script.
The following certificates generated by nss-db-gen have an expiration date:
  • /etc/pki/rhua/qpid-ca.crt
  • /etc/pki/rhua/qpid-client.crt

Procedure 7.1. Checking Certificate Expiration Date

  1. To determine the expiration date of any of the three certificates, run this command: 
    # openssl x509 -text -in /etc/pki/rhua/$file | less
  2. Go to the Validity section to see the expiration date. 
    Validity

         Not After : Sep  9 12:41:20 2013 GMT

Procedure 7.2. Updating Qpid SSL Certificates

  1. On the Red Hat Update Appliance server, edit the nss-db-gen script with your preferred text editor. Change the VALID section to 48: 
    # vi /usr/bin/nss-db-gen
VALID="48"
  2. Execute the nss-db-gen script. 
    # nss-db-gen
  3. Edit the latest answers file. 
    # vi myanswersfile
    Update the version parameter to a higher number. For example, if the version is 1.1, update it to 1.2: 
    [general]
version: 1.2
  4. Execute rhui-installer using the updated answers file. 
    # rhui-installer myanswersfile
  5. Copy the updated configuration RPMs to the CDS servers. 
    # scp  /tmp/rhui/rh-cds1-config-1.2-2.el6.noarch.rpm root@host-cds1.com:/root
# scp  /tmp/rhui/rh-cds2-config-1.2-2.el6.noarch.rpm root@host-cds2.com:/root
  6. On the Red Hat Update Appliance server, install the configuration RPM. 
    # yum install /tmp/rhui/rh-rhua-config-1.2-2.el6.noarch.rpm
  7. On the CDS servers, install the configuration RPM.
    CDS1:

    # yum install rh-cds1-config-1.2-2.el6.noarch.rpm

    CDS2:

    # yum install rh-cds2-config-1.2-2.el6.noarch.rpm

Report a bug