Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
Applies to SUSE Linux Enterprise Server 15

7 Managing SSL/TLS Certificates Edit source

7.1 Regenerating HTTPS Certificates Edit source

HTTPS certificates should be regenerated before they expire or to include additional common alternative names. No additional actions are required on the client machines registered to RMT server if only HTTPS certificates are regenerated.

  1. Stop nginx and rmt-server services:

    root # systemctl stop nginx
    root # systemctl stop rmt-server
  2. Remove previously generated certificates.

    root # rm /etc/rmt/ssl/rmt-server.*
  3. Run the yast rmt module as described in Section 1.4, “RMT Configuration with YaST”.

7.2 Regenerating CA Certificates and HTTPS Certificates Edit source

CA certificates can be regenerated once they have expired or in case of security issues.

Warning
Warning: Import CA Certificate on All Clients

The newly generated CA certificate must be imported on all clients registered to the RMT server. This can be done by running the rmt-client-setup script on the client machines as described in Section 4.3, “Configuring Clients with rmt-client-setup.

  1. Stop nginx and rmt-server services.

    root # systemctl stop nginx
    root # systemctl stop rmt-server
  2. Remove previously generated CA and HTTPS certificates.

    root # rm /etc/rmt/ssl/rmt-ca.*
    root # rm /etc/rmt/ssl/rmt-server.*
  3. Run the yast rmt module as described in Section 1.4, “RMT Configuration with YaST”.

Print this page