Using a Custom SSL Certificate
The following section will guide you through using a custom certificate with Uyuni 4 and SUSE Manager Proxy 4.
The following list provides requirements for using a custom certificate.
A Certificate Authority (CA) SSL public certificate file
A Web server SSL private key file
A Web server SSL public certificate file
Key and Certificate files must be in PEM format
Hostname and SSL Keys
The hostname of the web server’s SSL keys and relevant certificate files must match the hostname of the machine which they will be deployed on.
In case you want to use CAs with intermediate certificates, merge the intermediate and root CA certificates into one file. It is important that the intermediate certificate comes first within the combined file.
After completing YaST
firstboot procedures, export your current environment variables and point them to the correct SSL files to be imported.
Running these commands will make the default certificate obsolete after executing the
yast2 susemanagersetup command.
For more information on YaST
firstboot, see https://www.suse.com/documentation/suse-manager-3/singlehtml/suse_manager21/book_susemanager_install/book_susemanager_install.html#sec.manager.inst.setup.
Export the environment variables and point to the SSL files to be imported:
export CA_CERT=`path_to_CA_certificate_file`export SERVER_KEY=`path_to_web_server_key`export SERVER_CERT=`path_to_web_server_certificate`
Execute Uyuni setup with
Proceed with the default setup. Upon reaching the Certificate Setup window during YaST installation, fill in random values, as these will be overridden with the values specified in [bp.cert.custom.setup.proc.export].Shell RequirementsMake sure that you execute
yast2 susemanagersetupfrom within the same shell the environment variables were exported from.
When prompted with:
Do you want to import existing certificates?
Answer with y .
Continue by following the script prompts.