Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
- Import Red Hat Errata and Channels in SA using SA Red Hat Importer tool
- RHN Classic, RHSM and Satellite
- Content import using Red Hat Subscription Management
- Entitlement certificates
- Install Red Hat CA certificates
- Content labels
- Sample use cases
- Migration
- Supported RHEL versions
- Reuse Red Hat import configuration file
- View errata based and channel based policies in the SA Client
Install Red Hat CA certificates
SA Red Hat importer validates the server certificates for Red Hat Network Classic (RHN), Red Hat Subscription Management (RHSM) and Red Hat Satellite. By default SA comes bundled with CA certificates only for RHN. Out of the three content providers only Red Hat Network Classic is signed by a certificate authority trusted by both SA and Red Hat.
RHSM and Red Hat Satellite servers have self signed certificates so by default there is no CA certificate bundled for these two content providers with SA rhn_import component. To enable access to Red Hat Subscription Management and/or Red Hat Satellite you need to install the self signed server certificate in the openssl trust store.
Depending on your use cases you only need to install the RHSM server certificate if you are using the new Red Hat Subscription Management content provider, or the satellite server certificate in case you have a Red Hat Satellite and want to import from it. Otherwise, if you only use RHN as a provider you can safely skip this section.
The process of installing a certificate in the trust store is split in three steps:
- Download the self signed certificate from RHSM/Red Hat Satellite
- Install the self signed certificate in SA trust store
- Verify that openssl is validating the server certificate
The first step is different on RHSM and Red Hat Satellite server while the last two steps are the same for both content providers.
Downloading the self-signed certificate
Download RHSM self-signed certificate
The RSHM server certificate is not signed by a public certificate authority. You have to use the openssl tool to download the certificate chain for cdn.redhat.com. After download, extract the last certificate issued by Entitlement Master CA and copy it into a .pem file:
A command example to download the certificate chain for RHSM:
/opt/opsware/bin/openssl s_client -connect cdn.redhat.com:443 -prexit -showcerts
Note The latest released version of openssl (i.e openssl-1.0.2h) does not work with HTTP proxies. The easiest option is to use a web browser to download the certificate.
Download Red Hat Satellite self-signed certificate
The self signed certificate is made public by Red Hat Satellite server at /pub/RHN-ORG-TRUSTED-SSL-CERT. Run the following command to download the certificate file:
wget -O /tmp/RHN-ORG-TRUSTED-SSL-CERT http://redhat.satellite.hostname/pub/RHN-ORG-TRUSTED-SSL-CERT
If you need proxy access to the Red Hat Satellite server, you can export the http_proxy environment variable and wget will use the value exported.
Installing the self-signed certificate in HPE SA trust store
At the end of the downloaded certificate, a block similar to the following appears:
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIJANwa5OFPkBHHMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD
haXhmbq+5pEkpxGAactW+tORsJmpgTdAXeq2rreYtgZ2/vCwdM0iwSVakGNFAvni
T9lnSVrADcO/S8V/DzcH30RzSpIS44beE23zag82019fCrsZg9VkYJER4Fn0tRq4
6U9I4OgBSPSU34MXclGld0BAN+mANWHQYacZ7hHQJtMRP+mc8ZgHIvsKNnKRoHOd
Rhla7cP7GYrXn/piQAxRW66fOYJOeVIsAWJvgUb+A8ecwb+s6k56cQdLKkm0wKD0
2zUFMAg=
-----END CERTIFICATE-----
Append the block to the end of /opt/opsware/openssl/cert.pem. At this point, the certificate is installed in the HPE SA trust store. Ensure that openssl tool can verify the RHSM and/or Red Hat Satellite server certificate.
Verifying that openssl is validating the server certificate
After the CA certificate is installed in HPE SA trust store, you must verify if the SA-bundled openssl validates the installed certificates before running the importer. To do so, run the following command:
/opt/opsware/bin/openssl s_client -connect rhsm.or.satellite.hostname:443 -verify 3
If the verification succeeds at the end of the output, the following message appears:
Verify return code: 0 (ok)
In case of an error, a return code different than 0 appears, for example:
Verify return code: 21 (unable to verify the first certificate)
Note Since openssl cannot work behind a proxy, the above command might not work if there is an HTTP proxy in your local network.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to hpe_sa_docs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: