Red Hat Bugzilla – Bug 888456
Update RHUI EC2 entitlement CA
Last modified: 2016-03-29 16:13:30 EDT
The entitlement CA for RHUI in EC2 expires in 2017 and due to the EOL for RHEL
6 changing to 2020, it needs to be updated before it expires.
At some point before 2017 we need to update it. Keep in mind, at some point we
will probably release RHEL 7 in EC2 and the CA will need to work well beyond
2020. So, we can probably choose any arbitrary date very out in the future.
A preliminary test with openssl indicates that you can extend the life of the
CA and the new cert will still verify certificates it had previously signed:
openssl x509 -in ca.crt -days 100000 -out ca-new.crt -signkey ca.key
openssl verify -CAfile ca-new.crt ../client/etc/pki/entitlement-rhel6/product/content-rhel6.crt
Version changed to 2.1 for consistency, as that is the "found in" field. If it will be added to 2.1.1, that will be in "Target Release" field.