How to setup Red Hat Satellite 6 with custom SSL certificates or renew existing?
Environment
- Red Hat® Satellite 6
- Red Hat® Capsule 6
Issue
- How do I setup Red Hat Satellite v6 with my own SSL certificates or renew existing?
- We have our own CA here and would like to create a ssl cert to replace the one that is currently on our new satellite 6 server. What is the process to do that so that we have a signed certificate and don't get the warnings in our browsers that the satellite server is not a trusted site?
Resolution
Video Walkthrough
Documented Instructions
Important Notes
-
In case of renewal of existing certificates, procure new certificates from the CA which signed the existing certificates. Place the new certificates in the location of the old certificates and follow the steps to install them according to the satellite version as mentioned above.
-
If your Satellite server is configured to use custom certificates, then all the external Capsule servers must be configured with external certificates too - and the certificates must be signed/issued by the same CA that signed/issued the Satellite certificate.
-
It is recommended to verify certificates using the
katello-certs-checkscript (available since Sat6.1) before using them. -
If you need to remove the passphrase from the custom SSL certificate, please follow the solution : [Satellite] satellite-installer fails with the error: 'Enter pass phrase:Apache:mod_ssl:Error: Private key not found
-
For more KB articles/solutions related to Red Hat Satellite 6.x SSL Certificates Issues, please refer to the Consolidated Troubleshooting Article for Red Hat Satellite 6.x SSL Certificates Issues
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.