[Spacewalk-list] Auto-deploying renewed cert
Avi Miller
avi.miller at oracle.com
Thu Oct 5 19:52:52 UTC 2017
Hi,
> On 5 Oct 2017, at 12:14 pm, Daryl Rose <darylrose at outlook.com> wrote:
>
> I'm using a signed cert, not the self-signed cert that is created on installation. The signed cert will expire at the end of the year.
Correct. The certificate signed by your CA will expire and you need to renew it. However, the CA certificate itself is not expiring and that's what you distribute as RHN-ORG-TRUSTED-SSL-CERT to your clients. That CA certificate is self-signed by default, but in your case is actually the CA chain of your SSL vendor.
The only time you need to push an update to your clients is if the CA certificate changes or expires. Neither of these cases is happening here.
Cheers,
Avi
--
Oracle <http://www.oracle.com>
Avi Miller | Product Management Director | +61 (3) 8616 3496
Oracle Linux and Virtualization
417 St Kilda Road, Melbourne, Victoria 3004 Australia
More information about the Spacewalk-list
mailing list