Setting up RHSM certificates
You must create and download identification certificates through the Red Hat Subscription Management system to use the RHSM Download Plug-in.
Before you use the RHSM Download Plug-in, you must do the following steps to set up the RHSM certificate.
Ensure that you have met the prerequisites to using the RHSM Download Plug-in. The prerequities are found in Registering the RHSM Download Plug-in.
Register the RHSM Download Plug-in.
Update the plugin.ini file.
Create RHSM certificates through access.redhat.com
Add the certificates to the download plug-in. It is possible to add multiple certificates.
For more information about what other tasks you can do with the download plug-in, including configuring, extending, and unregistering the download plug-in, see Using the RHSM download plug-in section.
Do I need to register one system of each type (RHEL 6 Server, RHEL 7 Workstation, etc.) and obtain an “identity” certificate for them, or do I need to individually identify every Red Hat client device that we patch? I’m assuming that I only need to identify one of each type, but I’m not liking an answer we’re getting from Support on this.
For the purpose of using the RHSM download plugin, all you need is a set of certificates that covers all the entitlements for each type of system you have. It can be attached to a virtual system created just for this purpose or retrieved from actual entitled systems (doesn’t matter).
Can you PM me the PMR number on the support issue you opened?
It seems that these certificates are rotated by redhat(I think every 10 days) and downloads break when the old certificate is revoked(not sure how long of a period before they are revoked). Has anyone else noticed this happening and what was done to work around it?
We haven’t had any issues with certificate expiration/rotation/revocation (yet). We’ve been using RHSM since December, and only had to change our certificates once (when our maintenance subscription ended and we had to generate certs under the new entitlement).
Thanks Jason,
We had the same issue as well. Our agreement was renewed in February and we had to generate new certs. Those certificates stopped working on March 30th. One thing to note is we are using the certificates from an actual machine that checks into redhat. Are you using an actual machine or did you register a machine that does not exist in the redhat subscription manager then use those certificates?