3.11.2. Deploying a Custom SSL Certificate to Satellite Server
Use this procedure to configure your Satellite Server to use a custom SSL certificate signed by a Certificate Authority. The katello-certs-check command validates the input certificate files and returns the commands necessary to deploy a custom SSL certificate to Satellite Server.
Procedure
Validate the custom SSL certificate input files. Note that for the
katello-certs-checkcommand to work correctly, Common Name (CN) in the certificate must match the FQDN of Satellite Server.# katello-certs-check \ -c /root/satellite_cert/satellite_cert.pem \ 1 -k /root/satellite_cert/satellite_cert_key.pem \ 2 -b /root/satellite_cert/ca_cert_bundle.pem 3
If the command is successful, it returns two
satellite-installercommands, one of which you must use to deploy a certificate to Satellite Server.Example output of
katello-certs-checkValidation succeeded. To install the Red Hat Satellite Server with the custom certificates, run: satellite-installer --scenario satellite \ --certs-server-cert "/root/satellite_cert/satellite_cert.pem" \ --certs-server-key "/root/satellite_cert/satellite_cert_key.pem" \ --certs-server-ca-cert "/root/satellite_cert/ca_cert_bundle.pem" To update the certificates on a currently running Red Hat Satellite installation, run: satellite-installer --scenario satellite \ --certs-server-cert "/root/satellite_cert/satellite_cert.pem" \ --certs-server-key "/root/satellite_cert/satellite_cert_key.pem" \ --certs-server-ca-cert "/root/satellite_cert/ca_cert_bundle.pem" \ --certs-update-server --certs-update-server-caFrom the output of the
katello-certs-checkcommand, depending on your requirements, enter thesatellite-installercommand that installs a new Satellite with custom SSL certificates or updates certificates on a currently running Satellite.If you are unsure which command to run, you can verify that Satellite is installed by checking if the file
/etc/foreman-installer/scenarios.d/.installedexists. If the file exists, run the secondsatellite-installercommand that updates certificates.重要Do not delete the certificate archive file after you deploy the certificate. It is required, for example, when upgrading Satellite Server.
-
On a computer with network access to Satellite Server, navigate to the following URL:
https://satellite.example.com. - In your browser, view the certificate details to verify the deployed certificate.