Using a Custom SSL Certificate
The following section will guide you through using a custom certificate with SUSE Manager 4.0 and SUSE Manager Proxy 4.0.
Prerequisites
The following list provides requirements for using a custom certificate.
- A Certificate Authority (CA) SSL public certificate file
- A Web server SSL private key file
- A Web server SSL public certificate file
- Key and Certificate files must be in PEM format
Hostname and SSL Keys
The hostname in the web server's SSL key and the relevant certificate files must match the hostname of the machine on which they will be deployed.
Intermediate Certificates
If you want to use CAs with intermediate certificates, merge the intermediate and root CA certificates into one file. It is important that the intermediate certificate comes first within the combined file.
Setup
After completing YaST firstboot procedures, export your current environment variables and point them to the correct SSL files to be imported. Running these commands will make the default certificate obsolete after executing the yast2 susemanagersetup command.
For more information on YaST firstboot, see https://www.suse.com/documentation/suse-manager-3/singlehtml/suse_manager21/book_susemanager_install/book_susemanager_install.html#sec.manager.inst.setup.
- Export the environment variables and point to the SSL files to be imported:
  export CA_CERT=path_to_CA_certificate_file
  export SERVER_KEY=path_to_web_server_key
  export SERVER_CERT=path_to_web_server_certificate
- Execute SUSE Manager setup with yast2 susemanagersetup. Proceed with the default setup. Upon reaching the Certificate Setup window during YaST installation, fill in random values, as these will be overridden with the values specified in the export step above.
Shell Requirements
Make sure that you execute yast2 susemanagersetup from within the same shell the environment variables were exported from.
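A pre-flight check for the prerequisites above, to run before yast2 susemanagersetup. This is an added example, not part of the SUSE documentation; the function names and the file name preflight.sh are hypothetical. It assumes the openssl command-line tool and an unencrypted private key, and it reads "intermediate first" as: the first certificate in the CA file is the issuer of the server certificate.

```sh
#!/bin/sh
# Pre-flight checks for the files behind CA_CERT, SERVER_KEY and SERVER_CERT.
# Added example: the function names are hypothetical, not part of SUSE Manager.

# PEM files carry a "-----BEGIN ..." armor line; DER files do not.
is_pem() { grep -q -e '-----BEGIN ' "$1"; }

# The key ($1) belongs to the certificate ($2) if both yield the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# The certificate ($1) is valid for the hostname ($2) of the target machine.
host_matches_cert() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Assumption: "intermediate first" means the first certificate in the CA file ($1)
# is the issuer of the server certificate ($2). openssl x509 reads only the
# first certificate of a multi-certificate file.
issuer_is_first() {
    first=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    issuer=$(openssl x509 -in "$2" -noout -issuer_hash 2>/dev/null) || return 1
    [ "$first" = "$issuer" ]
}

# The server certificate ($2) chains to a root inside the CA file ($1).
chain_verifies() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Run every check; $1 is the hostname the certificate must carry.
preflight() {
    rc=0
    for f in "$CA_CERT" "$SERVER_KEY" "$SERVER_CERT"; do
        is_pem "$f" || { echo "FAIL: $f is not PEM"; rc=1; }
    done
    key_matches_cert "$SERVER_KEY" "$SERVER_CERT" || { echo "FAIL: key does not match certificate"; rc=1; }
    host_matches_cert "$SERVER_CERT" "$1" || { echo "FAIL: certificate is not valid for $1"; rc=1; }
    issuer_is_first "$CA_CERT" "$SERVER_CERT" || { echo "FAIL: issuer is not first in $CA_CERT"; rc=1; }
    chain_verifies "$CA_CERT" "$SERVER_CERT" || { echo "FAIL: chain does not verify"; rc=1; }
    return "$rc"
}

# Run from the shell that exported the variables: sh preflight.sh [hostname]
if [ -n "${CA_CERT:-}" ]; then preflight "${1:-$(hostname -f)}"; fi
```

A non-zero exit status means at least one prerequisite is not met; each failed check prints a FAIL line naming it.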
Using a Custom Certificate with SUSE Manager Proxy
After completing the installation with YaST found in [advanced.topics.proxy.quickstart], continue with a modified [at.manager.proxy.run.confproxy] procedure:
- Execute configure-proxy.sh.
- When prompted with:
  Do you want to import existing certificates?
  Answer with y.
- Continue by following the script prompts.