YUM supports SSL from version 3.2.27.
To secure a repository with SSL, execute the following steps:
Generate a private key and certificate using OpenSSL.
Define your protected repository in a
.repo
file as follows:[protected] name = SSL protected repository baseurl=<secure repo url> enabled=1 gpgcheck=1 gpgKey=<URL to public key> sslverify=1 sslclientcert=<path to .cert file> sslclientkey=<path to .key file>
where:
gpgkey is a URL pointing to the ASCII-armored GPG key file for the repository . This option is used if YUM needs a public key to verify a package and the required key has not been imported into the RPM database.
If this option is set, YUM will automatically import the key from the specific URL. You will be prompted before the key is installed unless the
assumeyes
option is set.