diff --git a/CHANGELOG.md b/CHANGELOG.md index 6d2a2c22c69..e943b90b647 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,4 @@ +- Explained how to generate the DB certificate for the upgrade of a 5.0 peripheral server (bsc#1248282) - Explained how to generate the proxy certificates on a peripheral server (bsc#1249425) - Fixed the issue with importing SSL certificates in Administration Guide (bsc#1253382) diff --git a/modules/installation-and-upgrade/pages/container-deployment/mlm/migrations/server/server-mlm-50-51.adoc b/modules/installation-and-upgrade/pages/container-deployment/mlm/migrations/server/server-mlm-50-51.adoc index 09cecf7d85d..f1e4a85c3c6 100644 --- a/modules/installation-and-upgrade/pages/container-deployment/mlm/migrations/server/server-mlm-50-51.adoc +++ b/modules/installation-and-upgrade/pages/container-deployment/mlm/migrations/server/server-mlm-50-51.adoc @@ -21,6 +21,27 @@ endif::[] During a migration the server SSL certificate and CA chain are copied from the source server, meaning that only the database certificates are required +[NOTE] +==== +{productname} 5.0 peripheral servers are always using third-party SSL certificates. +If the hub server has generated the certificates for the peripheral server, it needs to generate the certificate for the peripheral database too. + +On the hub server, run the following command for each of the peripheral server to migrate. + +[source,shell] +---- +mgrctl exec -ti -- rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \ + --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \ + --set-org-unit="ORGANIZATION UNIT" --set-email="name@example.com" \ + --set-hostname=-reportdb --set-cname="example.com" --set-cname=db --set-cname=reportdb +---- + +The files to use will be inside the server container and need to be copied to the new peripheral server host: + +. [litteral]``/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT`` as the root CA, +. [litteral]``/root/ssl-build/-reportdb/server.crt`` as the db certificate and +. [litteral]``/root/ssl-build/-reportdb/server.key`` as the db certificate's key. +==== == Client tools rebranding