Bug 888456 - Update RHUI EC2 entitlement CA
Update RHUI EC2 entitlement CA
Status: NEW
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: Operations (Show other bugs)
2.1
Unspecified Unspecified
low Severity unspecified
: ---
: ---
Assigned To: dgao
Martin Minar
: EC2, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-18 13:16 EST by James Slagle
Modified: 2016-03-29 16:13 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description James Slagle 2012-12-18 13:16:56 EST
The entitlement CA for RHUI in EC2 expires in 2017 and due to the EOL for RHEL
6 changing to 2020, it needs to be updated before it expires.

At some point before 2017 we need to update it.  Keep in mind, at some point we
will probably release RHEL 7 in EC2 and the CA will need to work well beyond
2020.  So, we can probably choose any arbitrary date very out in the future.

A preliminary test with openssl indicates that you can extend the life of the
CA and the new cert will still verify certificates it had previously signed:

openssl x509 -in ca.crt -days 100000 -out ca-new.crt -signkey ca.key 
openssl verify -CAfile ca-new.crt ../client/etc/pki/entitlement-rhel6/product/content-rhel6.crt 
../client/etc/pki/entitlement-rhel6/product/content-rhel6.crt: OK
Comment 1 Scott Lewis 2012-12-18 14:46:50 EST
Version changed to 2.1 for consistency, as that is the "found in" field. If it will be added to 2.1.1, that will be in "Target Release" field.

Note You need to log in before you can comment on or make changes to this bug.