Certificate Requirements for Linux Clients
Last updated on January 28, 2021.
Last Reviewed and Approved on PENDING REVIEW
Introduction
This document describes the certificate requirements for using Patch Management in Rapid Provisioning System (RPS) with Linux clients. It also provides instructions for installing the required certificate.
Document Overview
Patch Management in RPS requires communication via HTTPS. The certificate authority (CA) that signed the webserver's certificate must be trusted by the Linux client, or patches will not be downloaded. Trust is established by installing the public certificate of the CA on the client. This document is considered a living document and is subject to change.
Installing the RPS CA Public Certificate
Copy the RPS CA public certificate to the Linux machine.
a. The RPS CA public certificate is located in \ContentStore\Certificates\RpsRoot.cer
Convert to a .pem file with the openssl tool.
a. openssl x509 -inform der -in certificate.cer -out certificate.pem
b. If you receive a 0D0680A8 and 0D07803A error, the certificate is already in the correct format. The only change needed is to change the certificate's file extension from .cer to .pem.
Rename RpsRoot.cer to RpsRoot.pem.
a. mv RpsRoot.cer RpsRoot.pem
Once the certificate has the .pem extension, copy the certificate to:
a. /etc/pki/ca-trust/source/anchors/
Import the certificate with the following command:
a. update-ca-trust extract
b. The certificate will be added to the /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem file.
Verify the certificate imported with the following command:
a. cat /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem | grep RPS
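The steps above combined into one script, as an added example that is not part of the RPS documentation. It checks whether the file is DER or PEM before converting (avoiding the error in step b of the conversion) and confirms the import with openssl verify instead of grep. The function names cert_format, to_pem and install_ca are hypothetical, and the verify step assumes RpsRoot is a self-signed root CA.

```shell
#!/bin/sh
# Added example: install a CA certificate into the trust store paths
# named on this page. Function names are hypothetical.
ANCHORS=/etc/pki/ca-trust/source/anchors
BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

# Print "pem", "der" or "unknown" for the file in $1.
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem
    elif [ "$(head -c1 "$1" | od -An -tx1 | tr -d ' \n')" = "30" ]; then
        echo der        # DER starts with an ASN.1 SEQUENCE tag (0x30)
    else
        echo unknown
    fi
}

# Write a PEM copy of certificate $1 to $2, converting only when needed.
to_pem() {
    case "$(cert_format "$1")" in
        pem) cp -- "$1" "$2" ;;   # already PEM: only the extension changes
        der) openssl x509 -inform der -in "$1" -out "$2" ;;
        *)   echo "not a certificate: $1" >&2; return 1 ;;
    esac
}

# Install $1 as a trust anchor and confirm the rebuilt bundle accepts it.
install_ca() {
    name=$(basename "${1%.*}").pem
    to_pem "$1" "$ANCHORS/$name" || return 1
    update-ca-trust extract || return 1
    # Assumption: the CA is a self-signed root, so verification succeeds
    # only once the certificate itself is trusted.
    openssl verify -CAfile "$BUNDLE" "$ANCHORS/$name"
}

# Usage (as root): sh install-ca.sh RpsRoot.cer
if [ "$#" -eq 1 ]; then install_ca "$1"; fi
```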