8.1 Using Kernel Parameters to Access an SMT Server

Any client can be configured to use SMT by providing the following kernel parameters during machine boot: regurl and regcert. The first parameter is mandatory, the latter is optional.

WARNING: Beware of Typing Errors

Make sure the values you enter are correct. If regurl has not been specified correctly, the registration of the update source will fail.

If an invalid value for regcert has been entered, you will be prompted for a local path to the certificate. In case regcert is not specified at all, it will default to http://FQDN/smt.crt with FQDN being the name of the SMT server.

regurl

URL of the SMT server. The URL needs to be in the following format: https://FQDN/center/regsvc/ with FQDN being the fully qualified hostname of the SMT server. It must be identical to the FQDN of the server certificate used on the SMT server. Example:

regurl=https://smt.example.com/center/regsvc/
regcert

Location of the SMT server's CA certificate. Specify one of the following locations:

URL

Remote location (http, https or ftp) from which the certificate can be downloaded. Example:

regcert=http://smt.example.com/smt.crt
Floppy

Specifies a location on a floppy. The floppy has to be inserted at boot time—you will not be prompted to insert it if it is missing. The value has to start with the string floppy, followed by the path to the certificate. Example:

regcert=floppy/smt/smt-ca.crt
Local Path

Absolute path to the certificate on the local machine. Example:

regcert=/data/inst/smt/smt-ca.cert
Interactive

Use ask to open a pop-up menu during installation where you can specify the path to the certificate. Do not use this option with AutoYaST. Example:

regcert=ask
Deactivate Certificate Installation

Use done if either the certificate will be installed by an add-on product, or if you are using a certificate issued by an official certificate authority. Example:

regcert=done

WARNING: Change of SMT Server Certificate

If the SMT server gets a new certificate from a new and untrusted CA, the clients need to retrieve the new CA certificate file. This is done automatically with the registration process but only if a URL was used at installation time to retrieve the certificate, or if the regcert parameter was omitted and thus, the default URL is used. If the certificate was loaded using any other method, such as floppy or local path, the CA certificate will not be updated.