Bug 569321
Summary: | Include additional Red Hat Network Certificate Authority (current CA expires in 2013)
---|---
Product: | [Other] Security Response
Component: | vulnerability
Status: | CLOSED ERRATA
Severity: | urgent
Priority: | urgent
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Mark J. Cox <mjc>
Assignee: | Red Hat Product Security <security-response-team>
CC: | jpazdziora, jrusnack, thoger, wnefal+redhatbugzilla, xdmoon
Doc Type: | Bug Fix
Last Closed: | 2015-07-30 13:25:51 UTC
Bug Depends On: | 566479, 569325, 569330, 569331, 739057, 786457

Hello Mark,
we have the 2010 -- 2020 one in the latest rhn-client-tools in RHEL 6. However, the MD5 differs from the file in attachment 397026 (the downloaded attachment was stored in /tmp):
# diff -u /tmp/RHNS-CA-CERT /usr/share/rhn/RHNS-CA-CERT
--- /tmp/RHNS-CA-CERT 2010-05-13 14:15:07.359570510 +0200
+++ /usr/share/rhn/RHNS-CA-CERT 2010-04-08 11:37:25.000000000 +0200
@@ -23,14 +23,14 @@
18:c4:04:af:4f:15:69:89:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
- X509v3 Subject Key Identifier:
+ X509v3 Subject Key Identifier:
69:44:27:05:DC:2E:ED:A5:F4:81:C4:D7:78:45:E7:44:5D:F8:87:47
- X509v3 Authority Key Identifier:
+ X509v3 Authority Key Identifier:
keyid:69:44:27:05:DC:2E:ED:A5:F4:81:C4:D7:78:45:E7:44:5D:F8:87:47
DirName:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=RHN Certificate Authority/emailAddress=rhn-noc
serial:00
- X509v3 Basic Constraints:
+ X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
23:c9:ca:07:9f:5e:96:39:83:e0:4e:da:dd:47:84:30:ca:d4:
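Review bot: every -/+ pair in this hunk (the Subject Key Identifier, Authority Key Identifier and Basic Constraints headings) shows the same visible text, so what differs is trailing whitespace in the human-readable dump and not any key identifier, serial or constraint value. A whole-file digest is therefore the wrong equality test for this file; compare the encoded certificate data instead.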
@@ -100,14 +100,14 @@
ad:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
- X509v3 Subject Key Identifier:
+ X509v3 Subject Key Identifier:
15:F1:11:00:0A:34:A1:A2:56:BB:2F:57:1E:59:E2:7F:6A:CF:EA:43
- X509v3 Authority Key Identifier:
+ X509v3 Authority Key Identifier:
keyid:15:F1:11:00:0A:34:A1:A2:56:BB:2F:57:1E:59:E2:7F:6A:CF:EA:43
DirName:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=RHN Certificate Authority/emailAddress=rhn-noc
serial:2A
- X509v3 Basic Constraints:
+ X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
2d:1b:a6:e7:df:b2:9e:2e:e4:1a:4d:e1:58:97:c2:82:18:10:
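Review bot: the same three heading lines change again at line 100, this time under a different key identifier and serial:2A, which indicates the file carries two certificates. Equivalence should be stated per certificate, so that a later reader can tell which of the two a given digest covers.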
# diff -bu /tmp/RHNS-CA-CERT /usr/share/rhn/RHNS-CA-CERT
# rpm -qf /usr/share/rhn/RHNS-CA-CERT
rhn-client-tools-1.0.0-4.el6.noarch
# sha256sum /usr/share/rhn/RHNS-CA-CERT
bf2706255884cb7ee848eb3eac428407fcf9bac1693679719a02b30a736e7f0d /usr/share/rhn/RHNS-CA-CERT
# sha256sum /tmp/RHNS-CA-CERT
1240f38a7a2e7268b9452e42151f3f59c608ca296ef7a019bae170f228844e3d /tmp/RHNS-CA-CERT
Your file has a space after the colon in the above lines.
Can you confirm that it's OK to ship the file that we already have in rhn-client-tools, without the spaces, with SHA-256 of bf2706255884cb7ee848eb3eac428407fcf9bac1693679719a02b30a736e7f0d?
Thank you, Jan
confirmed, all ok.
/mnt/brew/packages/rhn-client-tools/1.0.0/4.el6/noarch/rhn-client-tools-1.0.0-4.el6.noarch.rpm
$ grep -v : RHNS-CA-CERT | sha1sum
da961204b4389ba75db233a82610b39da21baefc -
from attachment
$ grep -v : RHNS-CA-CERT | sha1sum
da961204b4389ba75db233a82610b39da21baefc -
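The comparison worked out in the two comments above (whole-file hashes that differ only through annotation whitespace, then `grep -v :` to hash just the encoded lines) can be made explicit by hashing each decoded certificate block separately. This is an added example, not part of the bug report or of rhn-client-tools; the function names, file names and payload strings are constructed, and the payloads stand in for DER bytes and are not real certificates.

```shell
#!/bin/sh
# Added example (not from the bug report): compare annotated CA bundles by the
# certificates they contain, not by the bytes of the whole file.
set -eu

# pem_digests FILE: one SHA-256 per PEM certificate block, in file order.
# Only the decoded base64 between the BEGIN/END markers is hashed, so the
# human-readable annotations and their trailing whitespace do not matter.
pem_digests() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { inblk = 1; b64 = ""; next }
        /^-----END CERTIFICATE-----/   { if (inblk) print b64; inblk = 0; next }
        inblk { gsub(/[ \t\r]/, ""); b64 = b64 $0 }
    ' "$1" | while IFS= read -r b64; do
        printf '%s' "$b64" | base64 -d | sha256sum | cut -d' ' -f1
    done
}

# same_certs A B: true only if both files hold at least one certificate and
# the per-certificate digests match in order.
same_certs() {
    a=$(pem_digests "$1"); b=$(pem_digests "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# make_sample FILE PAD PAYLOAD...: constructed test bundle. Each PAYLOAD is an
# arbitrary byte string standing in for DER, not a real certificate.
make_sample() {
    out=$1 pad=$2; shift 2
    : > "$out"
    for payload in "$@"; do
        {
            printf '        X509v3 Basic Constraints:%s\n' "$pad"
            printf '            CA:TRUE\n'
            printf '%s\n' '-----BEGIN CERTIFICATE-----'
            printf '%s' "$payload" | base64
            printf '%s\n' '-----END CERTIFICATE-----'
        } >> "$out"
    done
}

tmp=$(mktemp -d)
make_sample "$tmp/attachment" ' ' 'constructed-old-ca' 'constructed-new-ca'
make_sample "$tmp/packaged"   ''  'constructed-old-ca' 'constructed-new-ca'
make_sample "$tmp/other"      ''  'constructed-old-ca' 'constructed-different'
same_certs "$tmp/attachment" "$tmp/packaged" && echo "attachment/packaged: same certificates"
same_certs "$tmp/attachment" "$tmp/other" || echo "attachment/other: certificates differ"
```

A file with no certificate block at all compares as not equal, so two empty or truncated downloads cannot pass as a match.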
Created attachment 397026
Current and new CA certificates (RHNS-CA-CERT)

The current Red Hat Network CA certificate expires on August 26th 2013. This CA is distributed with products such as Red Hat Enterprise Linux which connect to the Red Hat Network and is used to verify their connection to the service.

In order to ensure that products can continue to connect to Red Hat Network after Aug 26th 2013 we need to make sure we also include the new CA certificate. The new CA expires Feb 24th 2020.