How Can We Help?
The Subscription Manager installation requires a certificate, and if you don’t have an existing certificate available you can generate one yourself (useful for development environments), but you need to be sure to generate it correctly.
You can use OpenSSL (as explained by the installation documentation), but this process does require some additional explanation.
1. Generate a key that is at least 2048-bit long
If using OpenSSL, ensure the following command passes a key length of at least 2048, since Subscription Manager requires a 2048-bit key minimum:
openssl genrsa -out privatekey.pem 2048
2. Choosing the right Common Name (CN)
For use as a signing/encryption certificate, the Common Name (CN) of the certificate can be any name you choose. It does not need to match the DNS name of the hosting machine (as an SSL certificate does).
3. Enter the correct CN when exporting the x509 certificate to a .pfx file
When generating the .pfx file using the command:
openssl pkcs12 -export -out public_privatekey.pfx -inkey privatekey.pem -in publickey.cer
Make sure you enter a Common Name (CN) when prompted. You will select this CN again when installing Subscription Manager.
Comments are closed.