diff --git a/CHANGELOG.md b/CHANGELOG.md index 51f6592d1dc..7f6cb0cd427 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,5 @@ +- Explained how to generate the proxy certificates on a peripheral server + (bsc#1249425) - Fixed the issue with importing SSL certificates in Administration Guide (bsc#1253382) - Added precisions on the intermediate CA certificates to Administration diff --git a/modules/installation-and-upgrade/partials/snippet-generate_proxy_config.adoc b/modules/installation-and-upgrade/partials/snippet-generate_proxy_config.adoc index 874b0c864c6..76165a0e672 100644 --- a/modules/installation-and-upgrade/partials/snippet-generate_proxy_config.adoc +++ b/modules/installation-and-upgrade/partials/snippet-generate_proxy_config.adoc 
@@ -21,6 +21,24 @@ For Podman deployment, the container host for the {productname} Proxy must be re If a proxy FQDN is used to generate a proxy container configuration that is not a registered client (as in the Kubernetes use case), a new system entry will appear in system list. This new entry will be shown under previously entered Proxy FQDN value and will be of [literal]``Foreign`` system type. +[NOTE] +==== +Peripheral servers are always using third-party SSL certificates. +If the hub server has generated the certificates for the peripheral server, it needs to generate the certificate of each proxy too. +On the hub server, run the following command. +[source,shell] +---- +mgrctl exec -ti -- rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \ + --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \ + --set-org-unit="ORGANIZATION UNIT" --set-email="name@example.com" \ + --set-hostname=PROXY --set-cname="proxy.example.com" +---- +The files to use will be +* [litteral]``/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT`` as the root CA, +* [litteral]``/root/ssl-build//server.crt`` as the proxy certificate and +* [litteral]``/root/ssl-build//server.key`` as the proxy certificate's key. +==== + // tag::generate-proxy-config-section[] === Generate the Proxy Configuration with {webui}
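Review bot: In the CHANGELOG.md hunk, the new entry says the proxy certificates are generated "on a peripheral server", while the NOTE added in snippet-generate_proxy_config.adoc tells the reader "On the hub server, run the following command." Reword the entry so it matches the procedure, for example "Explained how to generate the certificates for the proxies of a peripheral server", and name the guide the way the neighbouring entry does ("in Administration Guide").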
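Review bot: In the snippet-generate_proxy_config.adoc hunk, the three added list items use the role `[litteral]`, while the unchanged context line just above the NOTE uses `[literal]`, and two of the paths contain an empty segment (`/root/ssl-build//server.crt`, `/root/ssl-build//server.key`), which reads as a dropped directory name or attribute. Spell the role `[literal]` and restore the missing path component so the reader can locate the certificate and key. The added lines also show no blank line between "On the hub server, run the following command." and `[source,shell]`, or between "The files to use will be" and the first `*` item; add one in each place so the listing and the list are parsed as blocks rather than as a continuation of the paragraph. In the command, `--set-hostname=PROXY` and `--set-cname="proxy.example.com"` use two different placeholder styles; say which value is the proxy FQDN, since the resulting certificate has to match the name clients connect to.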