Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
documentation.suse.com / SUSE Linux Enterprise Server Documentation / RMT Guide / Managing TLS/SSL certificates
Applies to SUSE Linux Enterprise Server 15 SP3

8 Managing TLS/SSL certificates

8.1 Regenerating HTTPS certificates

HTTPS certificates should be regenerated before they expire or to include additional common alternative names. No additional actions are required on the client machines registered to RMT server if only HTTPS certificates are regenerated.

  1. Stop nginx and rmt-server services:

    # systemctl stop nginx
    # systemctl stop rmt-server
  2. Remove previously generated certificates.

    # rm /etc/rmt/ssl/rmt-server.*
  3. Run the yast rmt module as described in Section 2.4, “RMT configuration with YaST”.

8.2 Regenerating CA certificates and HTTPS certificates

CA certificates can be regenerated after they have expired or in case of security issues.

Warning
Warning: Import CA certificate on all clients

The newly generated CA certificate must be imported on all clients registered to the RMT server. This can be done by running the rmt-client-setup script on the client machines as described in Section 5.3, “Configuring clients with rmt-client-setup.

  1. Stop nginx and rmt-server services.

    # systemctl stop nginx
    # systemctl stop rmt-server
  2. Remove previously generated CA and HTTPS certificates.

    # rm /etc/rmt/ssl/rmt-ca.*
    # rm /etc/rmt/ssl/rmt-server.*
  3. Run the yast rmt module as described in Section 2.4, “RMT configuration with YaST”.