
Install Red Hat CA certificates

The SA Red Hat importer validates the server certificates for Red Hat Network Classic (RHN), Red Hat Subscription Management (RHSM) and Red Hat Satellite. By default, SA comes bundled with CA certificates only for RHN. Of the three content providers, only Red Hat Network Classic is signed by a certificate authority trusted by both SA and Red Hat.

RHSM and Red Hat Satellite servers have self-signed certificates, so by default no CA certificate for these two content providers is bundled with the rhn_import component. To enable access to Red Hat Subscription Management and/or Red Hat Satellite, you need to install the self-signed server certificate in the OPSWopenssl trust store.

Which certificate you need depends on your use case: install the RHSM server certificate if you use the new Red Hat Subscription Management content provider, or the Satellite server certificate if you have a Red Hat Satellite and want to import from it. If you only use RHN as a provider, you can safely skip this section.

The process of installing a certificate in the trust store is split in three steps:

  1. Download the self-signed certificate from RHSM/Red Hat Satellite
  2. Install the self-signed certificate in SA trust store
  3. Verify that OPSWopenssl is validating the server certificate

The first step differs between RHSM and Red Hat Satellite, while the last two steps are the same for both content providers.

Downloading the self-signed certificate

Downloading RHSM self-signed certificate

The RHSM server certificate is not signed by a public certificate authority. You have to use the openssl tool to download the certificate chain for cdn.redhat.com. After the download, extract the last certificate, issued by Entitlement Master CA, and copy it into a .pem file.

A command example to download the certificate chain for RHSM:

openssl s_client -connect cdn.redhat.com:443 -prexit -showcerts

Note: At the time of this writing, the latest released version of openssl (i.e., openssl-1.0.2d) does not work with HTTP proxies. The easiest option is to use a browser to download the certificate.

Downloading Red Hat Satellite self-signed certificate

The self-signed certificate is made public by Red Hat Satellite server at /pub/RHN-ORG-TRUSTED-SSL-CERT. Run the following command to download the certificate file:

wget -O /tmp/RHN-ORG-TRUSTED-SSL-CERT  http://redhat.satellite.hostname/pub/RHN-ORG-TRUSTED-SSL-CERT

If you need a proxy to reach the Red Hat Satellite server, export the http_proxy environment variable; wget will use the exported value.

Installing the self-signed certificate in SA trust store

At the end of the downloaded certificate you should see a block that looks like:

-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIJANwa5OFPkBHHMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD
haXhmbq+5pEkpxGAactW+tORsJmpgTdAXeq2rreYtgZ2/vCwdM0iwSVakGNFAvni
T9lnSVrADcO/S8V/DzcH30RzSpIS44beE23zag82019fCrsZg9VkYJER4Fn0tRq4
6U9I4OgBSPSU34MXclGld0BAN+mANWHQYacZ7hHQJtMRP+mc8ZgHIvsKNnKRoHOd
Rhla7cP7GYrXn/piQAxRW66fOYJOeVIsAWJvgUb+A8ecwb+s6k56cQdLKkm0wKD0
2zUFMAg=
-----END CERTIFICATE-----

Append the block to the end of the file /opt/opsware/openssl/cert.pem. At this point the certificate is installed in the SA trust store. Next, ensure that the openssl tool can verify the RHSM and/or Red Hat Satellite server certificate.

Verifying that OPSWopenssl is validating the server certificate

After the CA certificate is installed in the SA trust store, you must verify that openssl validates the installed certificates before running the importer. To do so, run the following command:

/opt/opsware/bin/openssl s_client -connect rhsm.or.satellite.hostname:443 -verify 3

If the verification succeeds at the end of the output you should see the following message:

Verify return code: 0 (ok)

Otherwise, if something went wrong, you should see a return code other than 0, for example:

Verify return code: 21 (unable to verify the first certificate)

Note: Since openssl cannot work behind a proxy, the above command might not work if there is an HTTP proxy in your local network.
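The three steps above combined into one script, as an added example that is not part of the SA documentation. It uses the OPSWopenssl path, trust store file and -verify 3 check from this page; the hostname default, the SA_* environment variables and the fingerprint-based duplicate check are my own assumptions, and it has the same proxy limitation the notes describe.

```shell
#!/bin/sh
# Added example, not part of the SA documentation: fetch the chain with s_client,
# keep only the LAST certificate in it, append it to the SA trust store once, then
# re-run the verification step. Host, paths and env var names are assumptions.
HOST="${SA_RH_HOST:-cdn.redhat.com}"                      # RHSM CDN or Satellite host
STORE="${SA_TRUST_STORE:-/opt/opsware/openssl/cert.pem}"  # SA openssl trust store
OPENSSL="${SA_OPENSSL:-/opt/opsware/bin/openssl}"         # OPSWopenssl binary

# Print only the last BEGIN/END CERTIFICATE block from s_client -showcerts output (stdin).
extract_last_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { buf = ""; keep = 1 }
         keep { buf = buf $0 "\n" }
         /-----END CERTIFICATE-----/ { keep = 0; last = buf }
         END { printf "%s", last }'
}
# Exit 0 only when s_client output (stdin) contains the success line from the procedure.
verify_ok() { grep -q '^Verify return code: 0 (ok)$'; }

# Print the numeric verify return code from s_client output (stdin), e.g. 21.
verify_code() { sed -n 's/^Verify return code: \([0-9][0-9]*\) .*/\1/p' | tail -n 1; }

# True if a certificate with the same SHA-256 fingerprint as $1 is already in store $2.
store_has_cert() {
    want=$("$OPENSSL" x509 -noout -fingerprint -sha256 -in "$1") || return 1
    tmp=$(mktemp -d)
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { if (n) close(d "/" n ".pem"); n++ }
                     n { print > (d "/" n ".pem") }' "$2"
    found=1
    for f in "$tmp"/*.pem; do
        [ -f "$f" ] || continue
        [ "$("$OPENSSL" x509 -noout -fingerprint -sha256 -in "$f" 2>/dev/null)" = "$want" ] && found=0
    done
    rm -rf "$tmp"; return $found
}

main() {
    chain=$(mktemp); pem=$(mktemp)
    # -prexit prints the session data even when verification fails, so the chain is still shown.
    "$OPENSSL" s_client -connect "$HOST:443" -showcerts -prexit </dev/null >"$chain" 2>/dev/null || true
    extract_last_cert <"$chain" >"$pem"
    [ -s "$pem" ] || { echo "no certificate received from $HOST" >&2; exit 1; }
    if store_has_cert "$pem" "$STORE"; then echo "already in $STORE"; else cat "$pem" >>"$STORE"; fi
    # Same check the procedure prescribes; -verify 3 caps the accepted chain depth at 3.
    out=$("$OPENSSL" s_client -connect "$HOST:443" -verify 3 </dev/null 2>/dev/null) || true
    printf '%s\n' "$out" | verify_ok || { echo "failed, code $(printf '%s\n' "$out" | verify_code)" >&2; exit 1; }
    rm -f "$chain" "$pem"; echo "Verify return code: 0 (ok) for $HOST"
}
# Nothing runs on load; set SA_RUN=1 so the functions can also be sourced or tested alone.
if [ "${SA_RUN:-0}" = "1" ]; then main "$@"; fi
```

Run it as SA_RUN=1 sh install-rh-ca.sh, or with SA_RH_HOST set to your Satellite hostname for the Satellite case.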