Bug 888456

Summary: Update RHUI EC2 entitlement CA
Product: Red Hat Update Infrastructure for Cloud Providers Reporter: James Slagle <jslagle>
Component: OperationsAssignee: dgao
Status: CLOSED CURRENTRELEASE QA Contact: Martin Kočí <mkoci>
Severity: unspecified Docs Contact:
Priority: low    
Version: 2.1CC: bkearney, cduryee, sclewis, tsanders, whayutin
Target Milestone: ---Keywords: EC2, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-04 13:13:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description James Slagle 2012-12-18 18:16:56 UTC 
The entitlement CA for RHUI in EC2 expires in 2017 and due to the EOL for RHEL
6 changing to 2020, it needs to be updated before it expires.

At some point before 2017 we need to update it.  Keep in mind, at some point we
will probably release RHEL 7 in EC2 and the CA will need to work well beyond
2020.  So, we can probably choose any arbitrary date very out in the future.

A preliminary test with openssl indicates that you can extend the life of the
CA and the new cert will still verify certificates it had previously signed:

openssl x509 -in ca.crt -days 100000 -out ca-new.crt -signkey ca.key 
openssl verify -CAfile ca-new.crt ../client/etc/pki/entitlement-rhel6/product/content-rhel6.crt 
../client/etc/pki/entitlement-rhel6/product/content-rhel6.crt: OK
Comment 1 Scott Lewis 2012-12-18 19:46:50 UTC 
Version changed to 2.1 for consistency, as that is the "found in" field. If it will be added to 2.1.1, that will be in "Target Release" field.
Comment 6 Bryan Kearney 2016-08-04 13:12:53 UTC 
This has been fixed. If you are still seeing issues, please feel free to reopen.