documentation.suse.com / SUSE Linux Enterprise Server Documentation / RMT Guide / Managing TLS/SSL certificates
Applies to SUSE Linux Enterprise Server 15 SP3

8 Managing TLS/SSL certificates

  

8.1 Regenerating HTTPS certificates

  

HTTPS certificates should be regenerated before they expire or to include additional common alternative names. No additional actions are required on the client machines registered to RMT server if only HTTPS certificates are regenerated.

  1. Stop nginx and rmt-server services: 

    # systemctl stop nginx
# systemctl stop rmt-server

  2. Remove previously generated certificates. 

    # rm /etc/rmt/ssl/rmt-server.*

  3. Run the yast rmt module as described in Section 2.4, “RMT configuration with YaST”.

8.2 Regenerating CA certificates and HTTPS certificates

  

CA certificates can be regenerated after they have expired or in case of security issues.

Warning
Warning: Import CA certificate on all clients

The newly generated CA certificate must be imported on all clients registered to the RMT server. This can be done by running the rmt-client-setup script on the client machines as described in Section 5.3, “Configuring clients with rmt-client-setup.

  1. Stop nginx and rmt-server services. 

    # systemctl stop nginx
# systemctl stop rmt-server

  2. Remove previously generated CA and HTTPS certificates. 

    # rm /etc/rmt/ssl/rmt-ca.*
# rm /etc/rmt/ssl/rmt-server.*

  3. Run the yast rmt module as described in Section 2.4, “RMT configuration with YaST”.