5.1 - Explain how to generate the proxy SSL certs for a peripheral server

CHANGELOG.md

@@ -1,3 +1,5 @@
+- Explained how to generate the proxy certificates on a peripheral server 
+  (bsc#1249425)
 - Fixed the issue with importing SSL certificates in Administration Guide 
   (bsc#1253382)
 - Added precisions on the intermediate CA certificates to Administration

modules/installation-and-upgrade/partials/snippet-generate_proxy_config.adoc

@@ -21,6 +21,24 @@ For Podman deployment, the container host for the {productname} Proxy must be re
 If a proxy FQDN is used to generate a proxy container configuration that is not a registered client (as in the Kubernetes use case), a new system entry will appear in system list.
 This new entry will be shown under previously entered Proxy FQDN value and will be of [literal]``Foreign`` system type.
 
+[NOTE]
+====
+Peripheral servers are always using third-party SSL certificates.
+If the hub server has generated the certificates for the peripheral server, it needs to generate the certificate of each proxy too.
+On the hub server, run the following command.
+[source,shell]
+----
+mgrctl exec -ti -- rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \
+  --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \
+  --set-org-unit="ORGANIZATION UNIT" --set-email="[email protected]" \
+  --set-hostname=PROXY --set-cname="proxy.example.com"
+----
+The files to use will be
+* [litteral]``/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT`` as the root CA,
+* [litteral]``/root/ssl-build/<hostname>/server.crt`` as the proxy certificate and
+* [litteral]``/root/ssl-build/<hostname>/server.key`` as the proxy certificate's key.
+====
+
 // tag::generate-proxy-config-section[]
 === Generate the Proxy Configuration with {webui}