Bug 888456 - Update RHUI EC2 entitlement CA
Summary: Update RHUI EC2 entitlement CA
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: Operations
Version: 2.1
Hardware: Unspecified
OS: Unspecified
low
unspecified
Target Milestone: ---
: ---
Assignee: dgao
QA Contact: Martin Kočí
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-12-18 18:16 UTC by James Slagle
Modified: 2016-08-04 13:13 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-04 13:13:22 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description James Slagle 2012-12-18 18:16:56 UTC 
The entitlement CA for RHUI in EC2 expires in 2017 and due to the EOL for RHEL
6 changing to 2020, it needs to be updated before it expires.

At some point before 2017 we need to update it.  Keep in mind, at some point we
will probably release RHEL 7 in EC2 and the CA will need to work well beyond
2020.  So, we can probably choose any arbitrary date very out in the future.

A preliminary test with openssl indicates that you can extend the life of the
CA and the new cert will still verify certificates it had previously signed:

openssl x509 -in ca.crt -days 100000 -out ca-new.crt -signkey ca.key 
openssl verify -CAfile ca-new.crt ../client/etc/pki/entitlement-rhel6/product/content-rhel6.crt 
../client/etc/pki/entitlement-rhel6/product/content-rhel6.crt: OK
Comment 1 Scott Lewis 2012-12-18 19:46:50 UTC 
Version changed to 2.1 for consistency, as that is the "found in" field. If it will be added to 2.1.1, that will be in "Target Release" field.
Comment 6 Bryan Kearney 2016-08-04 13:12:53 UTC 
This has been fixed. If you are still seeing issues, please feel free to reopen.
Note You need to log in before you can comment on or make changes to this bug.