With this release, the engine-setup script now checks if the relevant certificates - including the internal CA certificate and those it signs - are set to expire soon or have already expired. If so, engine-setup now prompts users whether to renew the certificates. If users reply 'yes', the certificates are renewed. If users reply 'no', the certificates are not renewed, and users are prompted with the same question the next time they run engine-setup.
This feature addresses the situation where some older setups were at risk of the certificate expiring without the user knowing. Now, users are notified of impending expiry, and can renew the certificate in advance.
This functionality is not restricted to updates; users can run engine-setup at any time to check and renew the relevant certificates.
Renewing the certificate does not renew the certificates of hosts; you must manually reinstall all hosts and update browsers to accept the new certificate.
For more details, see the following - https://access.redhat.com/solutions/1572983