Chapter 3. SSL Infrastructure

Chapter 3. SSL Infrastructure

3.1. A Brief Introduction To SSL
3.2. The RHN SSL Maintenance Tool
3.2.1. SSL Generation Explained
3.2.2. RHN SSL Maintenance Tool Options
3.2.3. Generating the Certificate Authority SSL Key Pair
3.2.4. Generating Web Server SSL Key Sets
3.3. Deploying the CA SSL Public Certificate to Clients
3.4. Configuring Client Systems

For Red Hat Network customers, security concerns are of the utmost importance. One of the strengths of Red Hat Network is its ability to process every single request over Secure Sockets Layer, or SSL. To maintain this level of security, customers installing Red Hat Network within their infrastructures must generate custom SSL keys and certificates.

Manual creation and deployment of SSL keys and certificates can be quite involved. Both the RHN Proxy Server and the RHN Satellite Server allow you to build your own SSL keys and certificates based on your own private Certificate Authority (CA) during installation. In addition, a separate command line utility, the RHN SSL Maintenance Tool, exists for this purpose. Regardless, these keys and certificates must then be deployed to all systems within your managed infrastructure. In many cases, deployment of these SSL keys and certificates is automated for you. This chapter describes efficient methods for conducting all of these tasks.

Please note that this chapter does not explain SSL in depth. The RHN SSL Maintenance Tool was designed to hide much of the complexity involved in setting up and maintaining this public-key infrastructure (PKI). For more information, please consult some of the many good references available at your nearest bookstore.