Bug 1252528

Summary: custom certificate procedure is not clear on what is customized
Product: Red Hat Satellite Reporter: Fred van Zwieten <fvzwieten>
Component: Docs Install GuideAssignee: Peter Ondrejka <pondrejk>
Status: CLOSED CURRENTRELEASE QA Contact: Russell Dickenson <rdickens>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.1.0CC: bkearney, chrobert, fvzwieten, rjerrido
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-13 13:27:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Fred van Zwieten 2015-08-11 15:55:00 UTC 
Document URL: 
https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html-single/Installation_Guide/index.html#form-Red_Hat_Satellite-Installation_Guide-Prerequisites-Base_Operating_System

Section Number and Name: 
2.2.3.2. Configuring Red Hat Satellite with a Custom Server Certificate

Describe the issue:
The text states "katello-installer comes with a default CA used both for the server ssl certificates as well as the client certificates used for authentication of the subservices. These certificates can be replaced with custom ones"

This can be read as that the installer gives the option to use custom ca certificate to have stallite act as a intermediate ca. However, this is only for the server and client certificates

Suggestions for improvement:
""katello-installer comes with a default CA used both for the server ssl certificates as well as the client certificates used for authentication of the subservices. The server and client certificates can be replaced with custom ones"

Also, it might be a good idea to have example openssl statements and such to explain exactly how to produce the 4 files that are needed by the installer. Not everyone is a ssl guru. What are the requirements for the server and client cert such that the customer knows how to generate the correct certs?

Additional information: