Using a Custom SSL Certificate

The following section will guide you through using a custom certificate with Uyuni 4 and SUSE Manager Proxy 4.

Prerequisites

The following list provides requirements for using a custom certificate.

  • A Certificate Authority (CA) SSL public certificate file

  • A Web server SSL private key file

  • A Web server SSL public certificate file

  • Key and Certificate files must be in PEM format

Hostname and SSL Keys

The hostname of the web server’s SSL keys and relevant certificate files must match the hostname of the machine which they will be deployed on.

Intermediate Certificates

In case you want to use CAs with intermediate certificates, merge the intermediate and root CA certificates into one file. It is important that the intermediate certificate comes first within the combined file.

Setup

After completing YaST firstboot procedures, export your current environment variables and point them to the correct SSL files to be imported. Running these commands will make the default certificate obsolete after executing the yast2 susemanagersetup command. For more information on YaST firstboot, see https://www.suse.com/documentation/suse-manager-3/singlehtml/suse_manager21/book_susemanager_install/book_susemanager_install.html#sec.manager.inst.setup.

  1. Export the environment variables and point to the SSL files to be imported:

    export CA_CERT=path_to_CA_certificate_file
    export SERVER_KEY=path_to_web_server_key
    export SERVER_CERT=path_to_web_server_certificate

  2. Execute Uyuni setup with

    yast2 susemanagersetup

    Proceed with the default setup. Upon reaching the Certificate Setup window during YaST installation, fill in random values, as these will be overridden with the values specified in step 1.

    Shell Requirements
    Make sure that you execute yast2 susemanagersetup from within the same shell the environment variables were exported from.
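
The prerequisites above (PEM files, a key that matches the certificate, a matching hostname, intermediate before root in the combined CA file) can be checked before running setup. The following is an added example, not part of the Uyuni documentation or tooling; the function name check_custom_cert is hypothetical and the openssl command line program is assumed to be installed.

```shell
# Added example: check_custom_cert is a hypothetical helper, not an Uyuni tool.
# It only reads the files and needs the openssl command line program.
check_custom_cert() {
    local ca="$1" key="$2" cert="$3" host="$4" f n pub rc=0

    # Key and certificate files must be in PEM format.
    for f in "$ca" "$key" "$cert"; do
        grep -q -- '-----BEGIN ' "$f" 2>/dev/null ||
            { echo "FAIL: $f is not a readable PEM file"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # The private key must belong to the server certificate.
    pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || pub=""
    [ -n "$pub" ] &&
        [ "$pub" = "$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)" ] ||
        { echo "FAIL: $key does not match $cert"; rc=1; }

    # The certificate must name the host it will be deployed on.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' ||
        { echo "FAIL: $cert is not valid for $host"; rc=1; }

    # Combined CA file: the intermediate comes first, so the first entry
    # must not be self-issued (subject hash equal to issuer hash).
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$ca") || n=0
    if [ "$n" -gt 1 ] &&
       [ "$(openssl x509 -in "$ca" -noout -subject_hash 2>/dev/null)" = \
         "$(openssl x509 -in "$ca" -noout -issuer_hash 2>/dev/null)" ]; then
        echo "FAIL: root CA comes before the intermediate in $ca"; rc=1
    fi

    # The server certificate must chain up to the supplied CA file.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; rc=1; }

    return "$rc"
}

# Run it in the shell that holds the exported variables, for example:
#   check_custom_cert "$CA_CERT" "$SERVER_KEY" "$SERVER_CERT" "$(hostname -f)"
```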

Using a Custom Certificate with SUSE Manager Proxy

After completing the installation with YaST described in [advanced.topics.proxy.quickstart], continue with a modified [at.manager.proxy.run.confproxy] procedure:

  1. Execute configure-proxy.sh.

  2. When prompted with:

    Do you want to import existing certificates?

    Answer with y.

  3. Continue by following the script prompts.