Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
SUSE Manager Documentation › Best Practices › Using a Custom SSL Certificate
ContentsContents
Best Practices
  1. 1 Introduction
  2. 2 Managing Your Subscriptions
  3. 3 Expanded Support
  4. 4 Salt Formulas and SUSE Manager
  5. 5 Configuration Management with Salt
  6. 6 Salt Minion Scalability
  7. 7 Activation Key Management
  8. 8 Contact Methods
  9. 9 Advanced Patch Lifecycle Management
  10. 10 Live Patching with SUSE Manager
  11. 11 SUSE Manager Server Migration
  12. 12 Client Migration
  13. 13 PostgreSQL Database Migration
  14. 14 Backup and Restore
  15. 15 Authentication Methods
  16. 16 Using a Custom SSL Certificate
  17. 17 Troubleshooting
  18. 18 Additional Resources
  19. 19 A SUSE Manager 2.1 and 3.2 Product Comparison
  20. A GNU Licenses
  21. 20 GNU Free Documentation License
Navigation
SUSE Manager Documentation › Best Practices › Using a Custom SSL Certificate
Top

16 Using a Custom SSL Certificate

16.1 Prerequisites
16.2 Setup
16.3 Using a Custom Certificate with SUSE Manager Proxy

The following section will guide you through using a custom certificate with SUSE Manager 3.2 and SUSE Manager Proxy 3.2 .

16.1 Prerequisites

The following list provides requirements for using a custom certificate.

  • A Certificate Authority (CA) SSL public certificate file

  • A Web server SSL private key file

  • A Web server SSL public certificate file

  • Key and Certificate files must be in PEM format

Important
Important: Hostname and SSL Keys

The hostname of the web server’s SSL keys and relevant certificate files must match the hostname of the machine which they will be deployed on.

Tip
Tip: Intermediate Certificates

In case you want to use CAs with intermediate certificates, merge the intermediate and root CA certificates into one file. It is important that the intermediate certificate comes first within the combined file.

16.2 Setup

After completing YaST firstboot procedures, export your current environment variables and point them to the correct SSL files to be imported. Running these commands will make the default certificate obsolete after executing the yast2 susemanagersetup command. For more information on YaST firstboot, see https://www.suse.com/documentation/suse-manager-3/singlehtml/suse_manager21/book_susemanager_install/book_susemanager_install.html#sec.manager.inst.setup.

  1. Export the environment variables and point to the SSL files to be imported:

    export CA_CERT=`path_to_CA_certificate_file`export SERVER_KEY=`path_to_web_server_key`export SERVER_CERT=`path_to_web_server_certificate`

  2. Execute SUSE Manager setup with

    yast2 susemanagersetup

    Proceed with the default setup. Upon reaching the Certificate Setup window during YaST installation, fill in random values, as these will be overridden with the values specified in ???TITLE???.

    Note
    Note: Shell Requirements

    Make sure that you execute yast2 susemanagersetup from within the same shell the environment variables were exported from.

16.3 Using a Custom Certificate with SUSE Manager Proxy

After completing the installation with yast found in Book “Advanced Topics”, Chapter 2 “SUSE Manager 3.2 Proxy” continue with a modified Book “Advanced Topics”, Chapter 2 “SUSE Manager 3.2 Proxy”, Section 2.2 “Proxy Installation and Connecting Clients”, Section 2.2.5 “Running configure-proxy.sh procedure:

  1. Execute configure-proxy.sh.

  2. When prompted with:

    Do you want to import existing certificates?

    Answer with y .

  3. Continue by following the script prompts.

Chapter 17 TroubleshootingChapter 15 Authentication Methods
Print this page

© 2019 SUSE