Add chapter to refresh/deploy SSL certs

guides/common/assembly_refreshing-ca-certificates-on-hosts.adoc

@@ -0,0 +1,7 @@
+include::modules/con_refreshing-ca-certificates-on-hosts.adoc[]
+
+include::modules/proc_deploying-a-ca-certificate-on-a-host-by-using-script-rex.adoc[leveloffset=+1]
+
+include::modules/proc_deploying-a-ca-certificate-on-a-host-by-using-ansible-rex.adoc[leveloffset=+1]
+
+include::modules/proc_deploying-a-ca-certificate-on-a-host-manually.adoc[leveloffset=+1]

guides/common/modules/con_refreshing-ca-certificates-on-hosts.adoc

@@ -0,0 +1,4 @@
+[id="refreshing-ca-certificates-on-hosts"]
+= Refreshing CA certificates on hosts
+
+When you change the CA certificate on your {SmartProxy}, in cases such as when you rename your {SmartProxy} or when you configure {SmartProxy} with custom SSL certificates, you have to refresh the public SSL keys of the CA certificate on your hosts.

guides/common/modules/proc_deploying-a-ca-certificate-on-a-host-by-using-ansible-rex.adoc

@@ -0,0 +1,35 @@
+[id="deploying-a-ca-certificate-on-a-host-by-using-ansible-rex"]
+= Deploying a CA certificate on a host by using Ansible REX
+
+You can use remote execution (REX) with the Ansible provider to deploy the CA certificate.
+Redeploy the CA certificate when you change it on {ProjectServer}.
+
+.Prerequisites
+* The host is registered to {Project}.
+* Remote execution is enabled on the host.
+
+.Procedure
+. In the {ProjectWebUI}, navigate to *Monitor* > *Jobs*.
+. Click *Run Job*.
+. From the *Job category* list, select `Ansible Commands`.
+. From the *Job template* list, select `Download and execute a script`.
+. Click *Next*.
+. Select hosts on which you want to execute the job.
+. In the *url* field, enter the following URL:
++
+[options="nowrap" subs="+quotes,verbatim,attributes"]
+----
+http://_{foreman-example-com}_/unattended/public/foreman_ca_refresh
+----
++
+Replace _{foreman-example-com}_ with the hostname of your {ProjectServer}.
+. Optional: Click *Next* and configure advanced fields and scheduling as you require.
+. Click *Run on selected hosts*.
+
+
+.Verification
+* ...
+
+[role="_additional-resources"]
+.Additional resources
+* xref:executing-a-remote-job_managing-hosts[]

guides/common/modules/proc_deploying-a-ca-certificate-on-a-host-by-using-script-rex.adoc

@@ -0,0 +1,35 @@
+[id="deploying-a-ca-certificate-on-a-host-by-using-script-rex"]
+= Deploying a CA certificate on a host by using Script REX
+
+You can use remote execution (REX) with the Script provider to deploy the CA certificate.
+Redeploy the CA certificate when you change it on {ProjectServer}.
+
+.Prerequisites
+* The host is registered to {Project}.
+* Remote execution is enabled on the host.
+
+.Procedure
+. In the {ProjectWebUI}, navigate to *Monitor* > *Jobs*.
+. Click *Run Job*.
+. From the *Job category* list, select `Commands`.
+. From the *Job template* list, select `Download and run a script`.
+. Click *Next*.
+. Select hosts on which you want to execute the job.
+. In the *url* field, enter the following URL:
++
+[options="nowrap" subs="+quotes,verbatim,attributes"]
+----
+http://_{foreman-example-com}_/unattended/public/foreman_ca_refresh
+----
++
+Replace _{foreman-example-com}_ with the hostname of your {ProjectServer}.
+. Optional: Click *Next* and configure advanced fields and scheduling as you require.
+. Click *Run on selected hosts*.
+
+
+.Verification
+* ...
+
+[role="_additional-resources"]
+.Additional resources
+* xref:executing-a-remote-job_managing-hosts[]

guides/common/modules/proc_deploying-a-ca-certificate-on-a-host-manually.adoc

@@ -0,0 +1,15 @@
+[id="deploying-a-ca-certificate-on-a-host-manually"]
+= Deploying a CA certificate on a host manually
+
+You can deploy the CA certificate on the host manually by rendering a public provisioning template, which will provide the certificate to your host.
+Redeploy the CA certificate when you change it on {ProjectServer}.
+
+.Prerequisites
+* You have root access on your host.
+
+.Procedure
+. Log in to you host by using SSH.
+. Run the following command...
+
+.Verification
+* ...

guides/common/modules/proc_deploying-a-custom-ssl-certificate-to-hosts.adoc

@@ -1,52 +1,5 @@
 [id="deploying-a-custom-ssl-certificate-to-hosts_{context}"]
 = Deploying a {customssl} certificate to hosts
 
-After you configure {Project} to use a {customssl} certificate, you must deploy the certificate to hosts registered to {Project}.
-
-.Procedure
-* Update the SSL certificate on each host:
-+
-ifdef::satellite[]
-[options="nowrap", subs="+quotes,attributes"]
-----
-# {client-package-install-el8} http://_{common-example-com}_/pub/katello-ca-consumer-latest.noarch.rpm
-----
-endif::[]
-ifndef::satellite,orcharhino[]
-** On Debian and Ubuntu:
-+
-[options="nowrap" subs="+quotes,attributes"]
-----
-# wget http://_{common-example-com}_/pub/katello-rhsm-consumer
-# chmod +x katello-rhsm-consumer
-# ./katello-rhsm-consumer
-----
-** On {EL} 8+:
-+
-[options="nowrap" subs="+quotes,attributes"]
-----
-# {client-package-install-el8} http://_{common-example-com}_/pub/katello-ca-consumer-latest.noarch.rpm
-----
-** On OpenSUSE and {SLES}:
-+
-[options="nowrap" subs="+quotes,attributes"]
-----
-# {client-package-install-sles} http://_{common-example-com}_/pub/katello-ca-consumer-latest.noarch.rpm
-----
-endif::[]
-ifdef::orcharhino[]
-ifdef::debian,ubuntu[]
-[options="nowrap", subs="+quotes,attributes"]
-----
-# wget http://_{common-example-com}_/pub/katello-rhsm-consumer
-# chmod +x katello-rhsm-consumer
-# ./katello-rhsm-consumer
-----
-endif::[]
-ifndef::debian,ubuntu[]
-[options="nowrap", subs="+quotes,attributes"]
-----
-# {client-package-install} http://_{common-example-com}_/pub/katello-ca-consumer-latest.noarch.rpm
-----
-endif::[]
-endif::[]
+After you configure {Project} to use a {customssl} certificate, deploy the certificate to hosts registered to {Project}.
+For more information, see {ManagingHostsDocURL}refreshing-ca-certificates-on-hosts[Refreshing CA certificates on hosts] in _{ManagingHostsDocTitle}_.

guides/common/modules/proc_renaming-smart-proxy.adoc

@@ -59,8 +59,8 @@ Ensure that you enter the full path to the `.tar` file.
 ifndef::orcharhino[]
 For more information, see {InstallingSmartProxyDocURL}deploying-a-custom-ssl-certificate-to-{smart-proxy-context}-server_{smart-proxy-context}[Deploying a Custom SSL Certificate to {SmartProxyServer}] in _{InstallingSmartProxyDocTitle}_.
 endif::[]
-. Reregister all hosts that are registered to your {SmartProxyServer}.
-For more information, see {ManagingHostsDocURL}registering_hosts_to_server_managing-hosts[Registering hosts and setting up host integration] in _{ManagingHostsDocTitle}_.
+. Refresh the SSL certificates on all hosts that are registered to your {SmartProxyServer}.
+For more information, see {ManagingHostsDocURL}refreshing-ca-certificates-on-hosts[Refreshing CA certificates on hosts] in _{ManagingHostsDocTitle}_.
 . Update the {SmartProxy} host name in the {ProjectWebUI}.
 .. In the {ProjectWebUI}, navigate to *Infrastructure* > *{SmartProxies}*.
 .. Locate {SmartProxyServer} in the list, and click *Edit*.

guides/doc-Managing_Hosts/master.adoc

@@ -25,6 +25,8 @@ include::common/assembly_registering-hosts.adoc[leveloffset=+1]
 
 include::common/assembly_managing-network-interfaces.adoc[leveloffset=+1]
 
+include::common/assembly_refreshing-ca-certificates-on-hosts.adoc[leveloffset=+1]
+
 include::common/modules/proc_upgrading-hosts-to-next-major-release.adoc[leveloffset=+1]
 
 include::common/assembly_converting-a-host-to-rhel.adoc[leveloffset=+1]