From 125af0d5530475e5bfd503ce60643aacae541df5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Thu, 20 Nov 2025 15:10:06 +0100 Subject: [PATCH 1/2] =?UTF-8?q?Explain=20how=20to=20generate=20the=20proxy?= =?UTF-8?q?=20SSL=E2=80=AFcerts=20for=20a=20peripheral=20server?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + .../snippet-generate_proxy_config.adoc | 22 +++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd1c08b62da..a5243c8fec7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,4 @@ +- Explain how to generate the proxy certificates on a peripheral server (bsc#1249425) - Added precisions on the intermediate CA certificates to Administration Guide (bsc#1253735) - Improved procedure formatting for better clarity in Administration Guide (bsc#1253660) diff --git a/modules/installation-and-upgrade/partials/snippet-generate_proxy_config.adoc b/modules/installation-and-upgrade/partials/snippet-generate_proxy_config.adoc index cb11b36e855..f86beee6ab2 100644 --- a/modules/installation-and-upgrade/partials/snippet-generate_proxy_config.adoc +++ b/modules/installation-and-upgrade/partials/snippet-generate_proxy_config.adoc 
@@ -21,6 +21,28 @@ For Podman deployment, the container host for the {productname} Proxy must be re If a proxy FQDN is used to generate a proxy container configuration that is not a registered client (as in the Kubernetes use case), a new system entry will appear in system list. This new entry will be shown under previously entered Proxy FQDN value and will be of [literal]``Foreign`` system type. +[NOTE] +==== +Peripheral servers are always using third-party SSL certificates. +If the hub server has generated the certificates for the peripheral server, it needs to generate the certificate of each proxy too. + +On the hub server, run the following command. + +[source,shell] +---- +mgrctl exec -ti -- rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \ + --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \ + --set-org-unit="ORGANIZATION UNIT" --set-email="name@example.com" \ + --set-hostname=PROXY --set-cname="proxy.example.com" +---- + +The files to use will be + +. [litteral]``/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT`` as the root CA, +. [litteral]``/root/ssl-build//server.crt`` as the proxy certificate and +. [litteral]``/root/ssl-build//server.key`` as the proxy certificate's key. +==== + // tag::generate-proxy-config-section[] === Generate the Proxy Configuration with {webui} From 51d0d208605889c3d6a63d9d795b72114bec9932 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ornela=20Mari=C4=87?= Date: Thu, 20 Nov 2025 16:32:45 +0100 Subject: [PATCH 2/2] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a5243c8fec7..1f032fe3eea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,4 +1,4 @@ -- Explain how to generate the proxy certificates on a peripheral server (bsc#1249425) +- Explained how to generate the proxy certificates on a peripheral server (bsc#1249425) - Added precisions on the intermediate CA certificates to Administration Guide (bsc#1253735) - Improved procedure formatting for better clarity in Administration Guide (bsc#1253660)
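Review bot: in the file list that closes the NOTE block added to snippet-generate_proxy_config.adoc (patch 1/2), the role is spelled `[litteral]` on all three items while the context line at the top of the hunk uses `[literal]`, and two of the paths contain an empty component (`/root/ssl-build//server.crt` and `/root/ssl-build//server.key`). Correct the role to `[literal]` and put a named placeholder for the subdirectory between the two slashes, with a sentence saying what value it takes, so that a reader can locate the files. In the command, `--set-hostname=PROXY` is an unquoted, unexplained placeholder next to the quoted `--set-cname="proxy.example.com"`; state which name goes in each option. Because the list points readers at the proxy's private key under `/root/ssl-build`, the note should also say how that key is to be handled once it is copied off the hub server, for example with restricted file permissions.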
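Review bot: the CHANGELOG entry as reworded in patch 2/2 still does not name the guide it applies to, unlike the two entries below it, which both end with "Administration Guide"; the changed file lives under modules/installation-and-upgrade, so naming that guide would keep the entries consistent. The tense change only corrects the line added in 1/2, so the two commits could be squashed before merging.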