Bug 566479
| Summary: | RHNS-CA-CERT must contain a certificate valid after 2013 | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Michael Mráka <mmraka> | ||||||
| Component: | rhn-client-tools | Assignee: | Milan Zázrivec <mzazrivec> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Jiri Kastner <jkastner> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 5.5 | CC: | jhutar, jkastner, mhicks, mjc, morazi, rjaswal, syeghiay, vdanen | ||||||
| Target Milestone: | rc | Keywords: | Security | ||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | rhn-client-tools-0.4.20-32.el5 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2010-03-30 08:44:42 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 569321 | ||||||||
| Attachments: |
|
||||||||
|
Description
Michael Mráka
2010-02-18 15:25:02 UTC
Also remove the bad redundant cert
(2nd certificate in the list:
Validity
Not Before: Sep 5 20:45:16 2002 GMT
Not After : Sep 9 20:45:16 2007 GMT
)
Can anyone please generate that certificate? We can probably generate it within our team, but I suppose it is not desired. marked as a blocker with security keyword because this will have a customer impact which could stop customers getting security updates. If we do not include the new CA then RHEL5.5 will stop accepting updates from RHN in 2013. Of course we can push a new package to 5.5.z or 5.6 before 2013 with a new CA, but anyone in 2013 who installs from a 5.5 ISO (or previous) will not be able to get any security updates automatically. (note this is RHBA-2009:9254) Created attachment 397017 [details]
New CA certificate (not new complete file)
Created attachment 397019 [details]
replacement RHNS-CA-CERT file
Fixed spacewalk (upstream) version of rhn-client-tools:
commit 31fb4296ee9825469cb6687a84f83b44ad639e10
Automatic commit of package [rhn-client-tools] release [0.9.4-1].
commit 27474175a8f25d0d62bb28adda181ea2cb5a5f2c
added new CA key valid until 2020
Fixed RHEL5.5 version (svn): ------------------------------------------------------------------------ r191147 | mmraka | 2010-03-01 11:22:53 +0100 (Mon, 01 Mar 2010) | 2 lines removed expired CA certs and added new CA cert valid until 2020 New build containing the new CA certificate: rhn-client-tools-0.4.20-32.el5 QA: Test registration with rhn.redhat.com & SSL enabled. c18: note that "openssl x509" command will only show you the first CA it comes across, not all the CA's that are in the file. To verify the cert you'd have to cut and paste it out before passing to openssl x509. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2010-0270.html |