- Story
- Resolution: Won't Do
- Normal
Our current documentation of the different SSL certificates used by Satellite is not clear and some of the published information is obsolete. Documentation refers to generic SSL certificates instead of specific certificates.
Because this problem affects installing Sat Server, installing Capsule, and managing hosts, I recommend creating a mini content journey to clarify the use cases and plan the improvements.
Riccardo Furlan's summary and links:
The documentation always refers to a generic "SSL certificate", e.g. Deploying a custom SSL certificate to hosts [3], without explaining WHICH certificate we're referring to. There are MANY different SSL certificates in Satellite, each one with a different purpose. The best source of information I could find was this article [4] written for Satellite 6.2 almost 10 years ago. I'm honestly not even sure all those services still exist in recent Satellite versions.
Another example is that we never specify the type of certificate involved, creating a lot of confusion in the reader. Section 2.5.2.2 Deploying a custom SSL certificate to Capsule Server and 2.5.2.3. Deploying a custom SSL certificate to hosts actually refer to different kinds of certificates! The first to the leaf certificate, exposed by the Capsule, the second to the CA certificate, used by the host to authenticate the leaf certificate. This kind of clarification is highly desirable in my perspective. More info on the terminology here [5].
[1]: https://redhat-internal.slack.com/archives/C049F7NSXV3/p1757068825539669
[2]: SAT-38083
[3]: https://docs.redhat.com/en/documentation/red_hat_satellite/6.17/html-single/installing_capsule_server/index#deploying-a-custom-ssl-certificate-to-hosts_capsule
[4]: https://access.redhat.com/articles/3290001
[5]: https://cert-manager.io/docs/reference/tls-terminology/#whats-the-difference-between-root-intermediate-and-leaf-certificates
Tasks
- Review existing documentation of SSL certificates
- Ensure that different certificates are documented, instead of generic certs, where appropriate