SUSE Manager/Import Custom Certificate

From MicroFocusInternationalWiki
Jump to: navigation, search

Import custom SSL Certificate to SUSE Manager 2.1 and higher

Follow these steps if you would like to import a custom SSL certificate to SUSE Manager 2.1 and higher or SUSE Manager Proxy 2.1 and higher.

Prerequisites

  • A Certificate Authority SSL public certificate file
  • A Web server SSL private key file
  • A Web server SSL public certificate file
  • Key/Certificate files must be in PEM format
  • IMPORTANT! The hostname of the web server's SSL keys and relevant certificate files must match the hostname of the machine which they will be deployed on.

Importing custom SSL Certificate to SUSE Manager

After completing the yast firstboot procedures found in the installation guide (see also https://www.suse.com/documentation/suse_manager/book_susemanager_install/data/sec_manager_inst_installation.html), it will be necessary to export the environment variables and point them to the correct SSL files to be imported. It is important to note, running these commands will obsolete the default certificate during yast2 susemanager_setup.

1. Export the environment variables and point to the SSL files to be imported:

 export CA_CERT=<path to CA certificate file>
 export SERVER_KEY=<path to web server key>
 export SERVER_CERT=<path to web server certificate>

2. Execute SUSE Manager setup with yast2 susemanager_setup. You must run this command from within the same shell the environment variables were exported from in step 1. Proceed with the default setup. Upon reaching the Certificate Setup window during yast installation, fill in random values, as these will be overridden with the values specified in step 1.

Importing custom SSL Certificate to SUSE Manager Proxy

After completing the yast firstboot procedures found in the installation guide; See also: https://www.suse.com/documentation/suse_manager/book_susemanager_install/data/sec_manager_inst_installation.html ,

Execute:

  • configure-proxy.sh
  • when the script prompts with Do you want to import existing certificates?, answer y.
  • Continue by following the installation prompts.