Created attachment 397026 [details] Current and new CA certificates (RHNS-CA-CERT) The current Red Hat Network CA certificate expires on August 26th 2013. This CA is distributed with products such as Red Hat Enterprise Linux which connect to the Red Hat Network and is used to verify their connection to the service. In order to ensure that products can continue to connect to Red Hat Network after Aug 26th 2013 we need to make sure we also include the new CA certificate. The new CA expires Feb 24th 2020.
Hello Mark, we have the 2010 -- 2020 one in the latest rhn-client-tools in RHEL 6. However, the MD5 differs from the file in attachment 397026 [details] (the downloaded attachment was stored in /tmp): # diff -u /tmp/RHNS-CA-CERT /usr/share/rhn/RHNS-CA-CERT --- /tmp/RHNS-CA-CERT 2010-05-13 14:15:07.359570510 +0200 +++ /usr/share/rhn/RHNS-CA-CERT 2010-04-08 11:37:25.000000000 +0200 @@ -23,14 +23,14 @@ 18:c4:04:af:4f:15:69:89:9b Exponent: 65537 (0x10001) X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 69:44:27:05:DC:2E:ED:A5:F4:81:C4:D7:78:45:E7:44:5D:F8:87:47 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:69:44:27:05:DC:2E:ED:A5:F4:81:C4:D7:78:45:E7:44:5D:F8:87:47 DirName:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=RHN Certificate Authority/emailAddress=rhn-noc serial:00 - X509v3 Basic Constraints: + X509v3 Basic Constraints: CA:TRUE Signature Algorithm: md5WithRSAEncryption 23:c9:ca:07:9f:5e:96:39:83:e0:4e:da:dd:47:84:30:ca:d4: @@ -100,14 +100,14 @@ ad:f9 Exponent: 65537 (0x10001) X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 15:F1:11:00:0A:34:A1:A2:56:BB:2F:57:1E:59:E2:7F:6A:CF:EA:43 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:15:F1:11:00:0A:34:A1:A2:56:BB:2F:57:1E:59:E2:7F:6A:CF:EA:43 DirName:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=RHN Certificate Authority/emailAddress=rhn-noc serial:2A - X509v3 Basic Constraints: + X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption 2d:1b:a6:e7:df:b2:9e:2e:e4:1a:4d:e1:58:97:c2:82:18:10: # diff -bu /tmp/RHNS-CA-CERT /usr/share/rhn/RHNS-CA-CERT # rpm -qf /usr/share/rhn/RHNS-CA-CERT rhn-client-tools-1.0.0-4.el6.noarch # sha256sum /usr/share/rhn/RHNS-CA-CERT bf2706255884cb7ee848eb3eac428407fcf9bac1693679719a02b30a736e7f0d /usr/share/rhn/RHNS-CA-CERT # sha256sum /tmp/RHNS-CA-CERT 1240f38a7a2e7268b9452e42151f3f59c608ca296ef7a019bae170f228844e3d /tmp/RHNS-CA-CERT Your file has space after the colon in the above lines. Can you confirm that it's OK to ship the file that we already have in rhn-client-tools, without the spaces, with SHA 256 of bf2706255884cb7ee848eb3eac428407fcf9bac1693679719a02b30a736e7f0d? Thank you, Jan
confirmed, all ok. /mnt/brew/packages/rhn-client-tools/1.0.0/4.el6/noarch/rhn-client-tools-1.0.0-4.el6.noarch.rpm $ grep -v : RHNS-CA-CERT | sha1sum da961204b4389ba75db233a82610b39da21baefc - from attachment $ grep -v : RHNS-CA-CERT | sha1sum da961204b4389ba75db233a82610b39da21baefc -