8 Managing TLS/SSL certificates
8.1 Regenerating HTTPS certificates
HTTPS certificates should be regenerated before they expire or to include additional common alternative names. No additional actions are required on the client machines registered to the RMT server if only HTTPS certificates are regenerated.
1. Stop nginx and rmt-server services.
   # systemctl stop nginx
   # systemctl stop rmt-server
2. Remove previously generated certificates.
   # rm /etc/rmt/ssl/rmt-server.*
3. Run the yast rmt module as described in Section 2.5, “RMT configuration with YaST”.
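To tell when this procedure is due, the following added example (not part of the RMT documentation) uses openssl to check whether a certificate expires soon or lacks a required DNS alternative name. The helper name cert_needs_regen is hypothetical, and the file name rmt-server.crt in the usage comment is an assumption matching the rmt-server.* pattern above.

```shell
#!/bin/sh
# Added example: decide whether an HTTPS certificate needs regenerating.
# Usage: cert_needs_regen CERT_FILE DAYS [DNS_NAME...]
#   e.g. cert_needs_regen /etc/rmt/ssl/rmt-server.crt 30 rmt.example.com
#   (file name and host name are assumptions, not taken from the page)
# Exit status: 0 = regenerate, 1 = still fine, 2 = unreadable or not a certificate.
cert_needs_regen() {
    cert=$1
    days=$2
    shift 2

    # Refuse to guess when the file is missing or cannot be parsed.
    openssl x509 -in "$cert" -noout 2>/dev/null || return 2

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "expires within $days days: $(openssl x509 -in "$cert" -noout -enddate)"
        return 0
    fi

    # Collect the DNS subject alternative names, one per line.
    # Only DNS entries are compared; IP address entries are ignored here.
    sans=$(openssl x509 -in "$cert" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p')

    # Every name the clients use must be present as an exact match.
    for name in "$@"; do
        if ! printf '%s\n' "$sans" | grep -qxF "$name"; then
            echo "missing alternative name: $name"
            return 0
        fi
    done
    return 1
}
```

Run it from a scheduled job with a threshold long enough to plan a maintenance window, since the regeneration steps stop nginx and rmt-server.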
8.2 Regenerating CA certificates and HTTPS certificates
CA certificates can be regenerated after they have expired or in case of security issues.
The newly generated CA certificate must be imported on all clients registered to the RMT server. This can be done by running the rmt-client-setup script on the client machines as described in Section 5.3, “Configuring clients with rmt-client-setup”.
1. Stop nginx and rmt-server services.
   # systemctl stop nginx
   # systemctl stop rmt-server
2. Remove previously generated CA and HTTPS certificates.
   # rm /etc/rmt/ssl/rmt-ca.*
   # rm /etc/rmt/ssl/rmt-server.*
3. Run the yast rmt module as described in Section 2.5, “RMT configuration with YaST”.