Bug 1391222

Summary: [RFE] Need a procedure to renew puppet CA after 5 years
Product: Red Hat Satellite Reporter: Stephen Benjamin <stbenjam>
Component: PuppetAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED WONTFIX QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2.0CC: andrew.schofield, bkearney, cdonnell, oprazak
Target Milestone: UnspecifiedKeywords: FutureFeature, PrioBumpGSS
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-04 19:05:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Stephen Benjamin 2016-11-02 19:57:09 UTC 
Description of problem:
The Puppet CA's expire 5 years after creation


Version-Release number of selected component (if applicable):
6.x

How reproducible:
Always

Steps to Reproduce:
1. Install Satellite
2. Wait 5 years

Actual results:
Certs are expired

Expected results:
Certs are expired, but we provide a method to renew them

Additional info:
Typically, users regenerate the CA
and re-sign all the certs.  Not very nice if you have a lot of clients.  There's
something here about renewing it by reverse engineering the CSR:

  https://gist.github.com/kbarber/6456420
Comment 3 Ondřej Pražák 2017-09-29 12:45:39 UTC 
Created redmine issue http://projects.theforeman.org/issues/21159 from this bug
Comment 4 Bryan Kearney 2018-09-04 18:55:33 UTC 
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.
Comment 5 Bryan Kearney 2018-09-04 19:05:45 UTC 
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.