Buy Now: add systems, renew service, manage and provision

keyring Red Hat SSL Certificate

Certificate installation methods

It is recommended that you download and install the latest version of up2date to obtain the new RHN certificate. The following methods are for emergency or verification purposes only.

You can use either of the two methods below. The first is more secure, since you manually verify that the certificate is authentic and valid before installation. The second method uses a shell script to automate the process.

Manual installation method

The latest SSL certificate for RHN is available here.

The official RHN signature used to sign this certificate is here.

To download either of these text files in most browsers, right-click on the link, and click 'Download Link' or 'Save Target As'. These files can be saved to any directory.

After saving both files, you can verify that they have been downloaded successfully with the following commands:

[user@localhost user]$ gpg --import /usr/share/rhn/RPM-GPG-KEY

[user@localhost user]$ gpg --verify RHNS-CA-CERT.asc RHNS-CA-CERT

The certificate is verified if you see the following line among several lines of output:

gpg: Good signature from "Red Hat, Inc <security@redhat.com>"

Any warnings can be safely ignored, so long as this line is present. You can then install the verified certificate with the following command from the directory which contains RHNS-CA-CERT, as root:

[user@localhost user]$ su
Password: (enter root password)

[root@localhost user]# install -b RHNS-CA-CERT /usr/share/rhn

Certificate installation script

As an alternative to manually downloading and installing the certificates above, you can also run the following shell script. Please note that although the method listed below is shown for convenience, it is preferred that users download the script and verify the md5sum's separately before executing.

This script must be run as root. To run the script directly from our servers:

[root@localhost root]# wget -q -O - https://rhn.redhat.com/help/new-cert.sh | /bin/bash

The preferred method of running the script is to download it and verify the md5sum first:

[user@localhosthost user]$ md5sum new-cert.sh
8da6aef05771287bd43b5366241d75e0 new-cert.sh

[user@localhost user]$ su
Password: (enter root password)

[root@localhost user]# /bin/bash new-cert.sh