Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1425722

Summary: rhsmcertd update is not automatically regenerating consumer cert
Product: Red Hat Enterprise Linux 6 Reporter: qianzhan
Component: subscription-managerAssignee: candlepin-bugs
Status: CLOSED WORKSFORME QA Contact: John Sefler <jsefler>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.9CC: bcourt, candlepin-bugs, dgoodwin, fsharath, jmolet, jsefler, qianzhan, redakkan, skallesh, spandey
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 923159 Environment:
Last Closed: 2017-02-27 08:43:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 923159    
Bug Blocks: 863175, 1231074    
Attachments:
Description Flags
rhsm.log
none
rhsmcertd.log none

Comment 2 qianzhan 2017-02-22 08:42:03 UTC 
The attachments are 'rhsm.log' and 'rhsmcertd.log'.
Comment 3 qianzhan 2017-02-22 08:42:31 UTC 
Created attachment 1256376 [details]
rhsm.log
Comment 4 qianzhan 2017-02-22 08:42:56 UTC 
Created attachment 1256378 [details]
rhsmcertd.log
Comment 5 Barnaby Court 2017-02-23 14:46:52 UTC 
The certificate expiration is checked server side. If you update the time on the Satellite Server and the client and then restart the satellite server do you still see the reported bug?
Comment 6 qianzhan 2017-02-24 06:35:40 UTC 
1. I tried to restart satellite and then check the client after 2 mins, but the bug still exists:

[root@ibm-x3650-03 ~]# katello-service restart
Redirecting to /bin/systemctl stop  foreman-tasks.service

Redirecting to /bin/systemctl stop  httpd.service

Redirecting to /bin/systemctl stop  pulp_workers.service

Redirecting to /bin/systemctl stop  foreman-proxy.service

Redirecting to /bin/systemctl stop  pulp_streamer.service

Redirecting to /bin/systemctl stop  pulp_resource_manager.service

Redirecting to /bin/systemctl stop  pulp_celerybeat.service

Redirecting to /bin/systemctl stop  smart_proxy_dynflow_core.service

Redirecting to /bin/systemctl stop  tomcat.service

Redirecting to /bin/systemctl stop  squid.service

Redirecting to /bin/systemctl stop  qdrouterd.service

Redirecting to /bin/systemctl stop  qpidd.service

Redirecting to /bin/systemctl stop  postgresql.service

Redirecting to /bin/systemctl stop  mongod.service

Success!
Redirecting to /bin/systemctl start  mongod.service

Redirecting to /bin/systemctl start  postgresql.service

Redirecting to /bin/systemctl start  qpidd.service

Redirecting to /bin/systemctl start  qdrouterd.service

Redirecting to /bin/systemctl start  squid.service

Redirecting to /bin/systemctl start  tomcat.service

Redirecting to /bin/systemctl start  smart_proxy_dynflow_core.service

Redirecting to /bin/systemctl start  pulp_celerybeat.service

Redirecting to /bin/systemctl start  pulp_resource_manager.service

Redirecting to /bin/systemctl start  pulp_streamer.service

Redirecting to /bin/systemctl start  foreman-proxy.service

Redirecting to /bin/systemctl start  pulp_workers.service

Redirecting to /bin/systemctl start  httpd.service

Redirecting to /bin/systemctl start  foreman-tasks.service

Success!
[root@ibm-x3650-03 ~]# sleep 120

[root@dhcp-128-57 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2017-02-24 06:19:25+00:00
	End Date: 2033-02-24 06:19:25+00:00


2. After step 1, I restart rhsmcertd on client, and tried again, still failed to see the cert regeneration:
[root@dhcp-128-57 ~]# service rhsmcertd restart
Stopping rhsmcertd...                                      [  OK  ]
Starting rhsmcertd...                                      [  OK  ]
[root@dhcp-128-57 ~]# sleep 120
[root@dhcp-128-57 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2017-02-24 06:19:25+00:00
	End Date: 2033-02-24 06:19:25+00:00
[root@dhcp-128-57 ~]#
Comment 7 qianzhan 2017-02-27 06:58:55 UTC 
Can not reproduced this bug on RHEL-6.9-20170226.0 against SAM

1. 
[root@hp-dl2x170g6-02 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 1.4.3.28-1.el6sam_splice-Headpin
subscription management rules: Unknown
subscription-manager: 1.18.10-1.el6
python-rhsm: 1.18.6-1.el6

2.

[root@hp-dl2x170g6-02 ~]# date -s '+15 year +9 month +2 day'
Mon Nov 29 06:42:08 EST 2032
[root@hp-dl2x170g6-02 ~]# service rhsmcertd restart
Stopping rhsmcertd...                                      [  OK  ]
Starting rhsmcertd...                                      [  OK  ]
[root@hp-dl2x170g6-02 ~]# sleep 120
[root@hp-dl2x170g6-02 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2032-11-29 11:45:15+00:00
	End Date: 2048-11-29 11:45:15+00:00
[root@hp-dl2x170g6-02 ~]#
Comment 8 qianzhan 2017-02-27 08:43:03 UTC 
This bug can not be reproduced on RHEL-6.9-20170226.0 against Satellite6.2.7:

[root@hp-dl2x170g6-02 ~]# date -s '+15 year +9 month +2 day'
Mon Nov 29 03:38:13 EST 2032
[root@hp-dl2x170g6-02 ~]# service rhsmcertd restart
Stopping rhsmcertd...                                      [  OK  ]
Starting rhsmcertd...                                      [  OK  ]
[root@hp-dl2x170g6-02 ~]# sleep 120
[root@hp-dl2x170g6-02 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2032-11-29 08:40:14+00:00
	End Date: 2048-11-29 08:40:14+00:00

Close this bug as WORKSFORME.