Open Grieves

Assimilate quickly!

You must comply!

Complete workflow: Properly signed certificates and Satellite/Capsule 6.1

Out of trouble
Posted by Magnus Glantz 2015-12-10 19:23:12
So I never ever forget.

1. Install tools on the Capsule
# yum install crypto-utils mod_ssl

2. Generate certificate request
# genkey $(hostname)

3. Submit the certificate request and get a certificate.
# Not sure how you do that..

4. Download the signed certificate. If it is not already in PEM format, convert it. If it is in DER format, convert like so:
# openssl x509 -inform der -in mysignedcertficates.cer -out /etc/pki/tls/certs/capsule-fqdn.crt

5. If you have your own CA, download the certificate chain from it.
# Not sure how you do that..

6. Upload files to Satellite from Capsule:
# Certificate Request:
/etc/pki/tls/certs/capsule-fqdn.0.csr
# Key
/etc/pki/tls/private/capsule-fqdn.key

7. Upload other files to Satellite:
# Certificate chain from CA
/someplace/my-certificate-chain.pem
# Signed certificate for Capsule:
/someplace/capsule-fqdn.crt

8. Move all files to /root/capsule-fqdn on Satellite
...

9. Generate certificate tar for Capsule on Satellite:
capsule-certs-generate --capsule-fqdn CAPSULE-FQDN --server-ca-cert /root/capsule-fqdn/my-certificate-chain.pem --server-cert /root/capsule-fqdn/capsule-fqdn.crt --server-cert-req /root/capsule-fqdn/capsule-fqdn.0.csr --server-key /root/capsule-fqdn/capsule-fqdn.key --certs-tar /root/capsule-fqdn.tar --certs-update-server

10. Install the Capsule as described in the output of the capsule-certs-generate command.

11. Done.
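
Before running step 9, it helps to confirm that the files collected in step 8 actually belong together. The script below is an added example, not part of the original post: the helper names check_capsule_certs and pubkey are hypothetical, and it assumes an unencrypted private key and a chain file that contains the full chain up to the root.

```shell
#!/bin/bash
# Added example: sanity-check the files from step 8 before running step 9.
# check_capsule_certs and pubkey are hypothetical helper names.

pubkey() {  # $1 = key|csr|crt, $2 = file; prints the embedded public key (PEM)
  case "$1" in
    key) openssl pkey -in "$2" -pubout ;;
    csr) openssl req  -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

check_capsule_certs() {  # $1 = directory from step 8, $2 = Capsule FQDN
  local dir="$1" fqdn="$2" rc=0 k
  local crt="$dir/capsule-fqdn.crt" csr="$dir/capsule-fqdn.0.csr"
  local key="$dir/capsule-fqdn.key" chain="$dir/my-certificate-chain.pem"

  k=$(pubkey key "$key") || { echo "FAIL: cannot read private key"; return 1; }
  # Certificate and CSR must carry the same public key as the private key.
  [ "$(pubkey crt "$crt")" = "$k" ] || { echo "FAIL: certificate does not match key"; rc=1; }
  [ "$(pubkey csr "$csr")" = "$k" ] || { echo "FAIL: CSR does not match key"; rc=1; }
  # The CA chain must verify the signed certificate.
  openssl verify -CAfile "$chain" "$crt" >/dev/null 2>&1 ||
    { echo "FAIL: chain does not verify certificate"; rc=1; }
  # The certificate must cover the Capsule FQDN and still be valid.
  openssl x509 -in "$crt" -noout -checkhost "$fqdn" 2>/dev/null | grep -q 'does match' ||
    { echo "FAIL: certificate does not cover $fqdn"; rc=1; }
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "FAIL: certificate expired or unreadable"; rc=1; }
  # The private key was copied between hosts; it must not be group/world accessible.
  [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
    { echo "FAIL: $key is accessible to group or others"; rc=1; }

  [ "$rc" -eq 0 ] && echo "OK: files are consistent for $fqdn"
  return "$rc"
}

# Usage: ./check.sh /root/capsule-fqdn capsule.example.com
if [ $# -eq 2 ]; then check_capsule_certs "$1" "$2"; fi
```

A DER-encoded certificate that was not converted in step 4 shows up here as "certificate does not match key", because openssl x509 reads PEM by default.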
