Bug 810691
Summary: | RFE: add a chapter or section to show how to update the entitlement-signing CA certificate | ||
---|---|---|---|
Product: | Red Hat Update Infrastructure for Cloud Providers | Reporter: | Satoru SATOH <ssato> |
Component: | Documentation | Assignee: | Shikha <snansi> |
Status: | CLOSED ERRATA | QA Contact: | Martin Kočí <mkoci> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 2.1 | CC: | belong, cmorgan, dmacpher, jslagle, juwu, kbidarka, mkoci, sghai, tsanders |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
The Red Hat Update Infrastrucutre Installation Guide was missing a chapter for updating an expired entitlement-signing certificate. This update adds a new chapter to the Installation Guide. Users can now update expired entitlement-signing certificate with Chapter 6. Identity Certificates.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2012-08-24 11:54:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 817736 | ||
Bug Blocks: |
Description
Satoru SATOH
2012-04-08 11:04:28 UTC
Goal should be to make the CA long lived before installing RHUI. Updating CA's is not trivial. Hi Julie, Development will need to provide this information to you. This is actually a fairly simple process. I'm not sure if it requires it's own chapter or not. Here's the material: Before re-generating the entitlement-signing CA certificate, keep in mind that any client instances that have client configuration rpm's installed that contain certificates signed by your existing entitlement-signing CA certificate will cease to work. These clients will need to be updated by installing new client configuration rpm's manually, or perhaps from an unprotected custom repository hosted in your RHUI infrastructure. To update the entitlement-signing CA certificate and its private key, simply remove the following files from the /etc/pki/rhui directory (you may wish to back them up): entitlement-ca.crt entitlement-ca-key.pem entitlement-ca.srl identity.crt identity.key Note: The Identity certificate and its private key (identity.crt and identity.key) are removed because they are signed by the entitlement-signing CA certificate and thus must be regenerated. The next time you start rhui-manager you will prompted for the new path to the entitlement-signing CA certificate and key, and a new identity certificate and key will also be generated. This is further detailed in Section 4.1 of the Installation guide. This procedure has been added to Administration Guide. Link: http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Update_Infrastructure/2.1/html/Administration_Guide/chap-Administration_Guide-Identity_Certificates.html#Administration_Guide-Identity_Certificates-Update_Cert Regards, Shikha Confirmed the section 6.1. Updating Entitlement-Signing CA Certificate is in new documentation 2.1 of the Administration Guide. Moving bug to VERIFIED. Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: The Red Hat Update Infrastrucutre Installation Guide was missing a chapter for updating an expired entitlement-signing certificate. This update adds a new chapter to the Installation Guide. Csers can now update expired entitlement-signing certificate with Chapter 6. Identity Certificates. Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -The Red Hat Update Infrastrucutre Installation Guide was missing a chapter for updating an expired entitlement-signing certificate. This update adds a new chapter to the Installation Guide. Csers can now update expired entitlement-signing certificate with Chapter 6. Identity Certificates.+The Red Hat Update Infrastrucutre Installation Guide was missing a chapter for updating an expired entitlement-signing certificate. This update adds a new chapter to the Installation Guide. Users can now update expired entitlement-signing certificate with Chapter 6. Identity Certificates. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-1205.html |