Description of problem: Currently, the public portion of the entitlement CA certificate is not in the certificate manifest. This file is generally useful since it can be used to validate that manifest certs. This RFE is to bundle the public portion of the entitlement CA somewhere in the manifest zip file.
sorry, I hit "submit" while editing the description. The entitlement CA certificate can be used to validate that the entitlement certificates in the manifest are in fact signed by Red Hat. This request is to add the entitlement CA certificate to the manifest file generated by candlepin. Note that the CA cert is different from the CA private key; the former is used to validate signatures and the latter is used for signing.
Closing because including the key used to validate in the same payload that the things it will be used to validate would not prevent a man in the middle from replacing both the signing key & the entitlement certificates. Please re-open w/ more details on the scenario & need for it if you would still like to have this feature.