Description of problem:

If a product certificate is corrupted the error message is not very helpful. For example:

2017-01-18 18:00:41,683 [INFO] subscription-manager:31445:MainThread @managercli.py:384 - Client Versions: {'python-rhsm': '1.17.9-1.el7', 'subscription-manager': '1.17.15-1.el7.centos'}
2017-01-18 18:00:41,683 [INFO] subscription-manager:31445:MainThread @connection.py:830 - Connection built: host=https://devel.example.com port=443 handler=/rhsm auth=identity_cert ca_dir=/etc/rhsm/ca/ verify=True
2017-01-18 18:00:41,684 [INFO] subscription-manager:31445:MainThread @connection.py:830 - Connection built: host=https://devel.example.com port=443 handler=/rhsm auth=none
2017-01-18 18:00:41,684 [INFO] subscription-manager:31445:MainThread @managercli.py:384 - Client Versions: {'python-rhsm': '1.17.9-1.el7', 'subscription-manager': '1.17.15-1.el7.centos'}
2017-01-18 18:00:41,684 [INFO] subscription-manager:31445:MainThread @managercli.py:359 - Consumer Identity name=None uuid=None
2017-01-18 18:00:41,685 [ERROR] subscription-manager:31445:MainThread @managercli.py:174 - exception caught in subscription-manager
2017-01-18 18:00:41,685 [ERROR] subscription-manager:31445:MainThread @managercli.py:175 - Error loading certificate
Traceback (most recent call last):
  File "/sbin/subscription-manager", line 81, in <module>
    sys.exit(abs(main() or 0))
  File "/sbin/subscription-manager", line 72, in main
    return managercli.ManagerCLI().main()
  File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 2744, in main
    return CLI.main(self)
  File "/usr/lib/python2.7/site-packages/subscription_manager/cli.py", line 160, in main
    return cmd.main()
  File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 526, in main
    return_code = self._do_command()
  File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 1070, in _do_command
    self.installed_mgr = inj.require(inj.INSTALLED_PRODUCTS_MANAGER)
  File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 103, in require
    return FEATURES.require(feature, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 77, in require
    self.providers[feature] = provider()
  File "/usr/lib/python2.7/site-packages/subscription_manager/cache.py", line 433, in __init__
    self._setup_installed()
  File "/usr/lib/python2.7/site-packages/subscription_manager/cache.py", line 488, in _setup_installed
    for prod_cert in self.product_dir.list():
  File "/usr/lib/python2.7/site-packages/subscription_manager/certdirectory.py", line 228, in list
    installed_prod_list = self.installed_prod_dir.list()
  File "/usr/lib/python2.7/site-packages/subscription_manager/certdirectory.py", line 121, in list
    listing.append(create_from_file(path))
  File "/usr/lib64/python2.7/site-packages/rhsm/certificate.py", line 59, in create_from_file
    return _CertFactory().create_from_file(path)
  File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 70, in create_from_file
    return self._read_x509(_certificate.load(path), path, pem)
  File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 82, in _read_x509
    raise CertificateException("Error loading certificate")
CertificateException: Error loading certificate

This was originally found in python-rhsm-1.17.9-1.el7.x86_64

It would be much more helpful if the python-rhsm error included which certificate it could not load.

Reproducing the failure on python-rhsm-1.17.9-1.el7.x86_64 (on rhel73 machine)

subscription management server: 2.0.41-1
subscription management rules: 5.26
subscription-manager: 1.17.15-1.el7
python-rhsm: 1.17.9-1.el7

Steps
=====

1) have one or more product id files

[root@kvm-02-guest07 ~]# ls /etc/pki/product
100000000000000.pem 100000000000002.pem 100000000000006.pem 100000000000060.pem 213412341234.pem 213412341237.pem 37060.pem 37067.pem 37070.pem 37091.pem 6050.pem 806.pem 908.pem
100000000000001.pem 100000000000003.pem 100000000000011.pem 100000000000069.pem 213412341235.pem 27060.pem 37062.pem 37068.pem 37080.pem 5050.pem 6051.pem 88888.pem 917571.pem
1000000000000023.pem 100000000000005.pem 100000000000020.pem 1.pem 213412341236.pem 32060.pem 37065.pem 37069.pem 37090.pem 5051.pem 801.pem 900.pem 98121.pem
[root@kvm-02-guest07 ~]# ls /etc/pki/product-default/
69.pem

2) modify the product cert file with junk values

vi /etc/pki/product-default/69.pem

3) Execute subscription-manager list --installed

[root@kvm-02-guest07 ~]# subscription-manager list --installed
Error loading certificate

rhsm.log
===========

2017-10-26 08:21:17,674 [INFO] subscription-manager:28056:MainThread @managercli.py:384 - Client Versions: {'python-rhsm': '1.17.9-1.el7', 'subscription-manager': '1.17.15-1.el7'}
2017-10-26 08:21:17,675 [INFO] subscription-manager:28056:MainThread @connection.py:830 - Connection built: host=subscription.rhsm.redhat.com port=443 handler=/subscription auth=identity_cert ca_dir=/etc/rhsm/ca/ verify=False
2017-10-26 08:21:17,675 [INFO] subscription-manager:28056:MainThread @connection.py:830 - Connection built: host=subscription.rhsm.redhat.com port=443 handler=/subscription auth=none
2017-10-26 08:21:17,699 [ERROR] subscription-manager:28056:MainThread @managercli.py:174 - exception caught in subscription-manager
Error loading certificate
2017-10-26 08:21:17,700 [ERROR] subscription-manager:28056:MainThread @managercli.py:175 - Error loading certificate
Traceback (most recent call last):
  File "/usr/sbin/subscription-manager", line 81, in <module>
    sys.exit(abs(main() or 0))
  File "/usr/sbin/subscription-manager", line 72, in main
    return managercli.ManagerCLI().main()
  File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 2744, in main
    return CLI.main(self)
  File "/usr/lib/python2.7/site-packages/subscription_manager/cli.py", line 160, in main
    return cmd.main()
  File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 526, in main
    return_code = self._do_command()
  File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 2294, in _do_command
    iproducts = get_installed_product_status(self.product_dir, self.entitlement_dir, self.cp, self.options.filter_string)
  File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 238, in get_installed_product_status
    sorter = inj.require(inj.CERT_SORTER)
  File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 103, in require
    return FEATURES.require(feature, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 77, in require
    self.providers[feature] = provider()
  File "/usr/lib/python2.7/site-packages/subscription_manager/cert_sorter.py", line 322, in __init__
    self.installed_mgr = inj.require(inj.INSTALLED_PRODUCTS_MANAGER)
  File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 103, in require
    return FEATURES.require(feature, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 77, in require
    self.providers[feature] = provider()
  File "/usr/lib/python2.7/site-packages/subscription_manager/cache.py", line 433, in __init__
    self._setup_installed()
  File "/usr/lib/python2.7/site-packages/subscription_manager/cache.py", line 488, in _setup_installed
    for prod_cert in self.product_dir.list():
  File "/usr/lib/python2.7/site-packages/subscription_manager/certdirectory.py", line 229, in list
    default_prod_list = self.default_prod_dir.list()
  File "/usr/lib/python2.7/site-packages/subscription_manager/certdirectory.py", line 121, in list
    listing.append(create_from_file(path))
  File "/usr/lib64/python2.7/site-packages/rhsm/certificate.py", line 59, in create_from_file
    return _CertFactory().create_from_file(path)
  File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 70, in create_from_file
    return self._read_x509(_certificate.load(path), path, pem)
  File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 82, in _read_x509
    raise CertificateException("Error loading certificate")
CertificateException: Error loading certificate

Marking this bug as verified and for multiple corrupt cert issue the following bug has been logged:
https://bugzilla.redhat.com/show_bug.cgi?id=1506958

[root@dhcp35-121 ~]# subscription-manager version
server type: This system is currently not registered.
subscription management server: 2.2.0-1
subscription management rules: 5.26
subscription-manager: 1.20.5-1.el7

[root@dhcp35-121 ~]# ls /etc/pki/product/
100000000000000.pem 100000000000003.pem 100000000000020.pem 213412341234.pem 27060.pem 37065.pem 37070.pem 5050.pem 801.pem 908.pem
100000000000001.pem 100000000000005.pem 100000000000060.pem 213412341235.pem

modified the product cert file with junk values

vi /etc/pki/product-default/69.pem

[root@dhcp35-121 ~]# ls /etc/pki/product-default/
69.pem

[root@dhcp35-121 ~]# subscription-manager list --installed
System certificates corrupted. Please reregister.

[root@dhcp35-121 ~]# tail -f /var/log/rhsm/rhsm.log
    self._tunnel()
  File "/usr/lib64/python2.7/httplib.py", line 792, in _tunnel
    message.strip()))
error: Tunnel connection failed: 407 Proxy Authentication Required
2017-11-10 14:29:06,136 [ERROR] subscription-manager:4442:MainThread @identity.py:145 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 2] No such file or directory: '/etc/pki/consumer/key.pem'
2017-11-10 14:29:06,143 [INFO] subscription-manager:4442:MainThread @managercli.py:453 - X-Correlation-ID: bb4351be7527421d8edc3a69bb52f360
2017-11-10 14:29:06,144 [INFO] subscription-manager:4442:MainThread @managercli.py:342 - Client Versions: {'python-rhsm': '0.0.0-1', 'subscription-manager': '1.20.5-1.el7'}
2017-11-10 14:29:06,144 [INFO] subscription-manager:4442:MainThread @connection.py:836 - Connection built: host=F21-candlepin.usersys.redhat.com port=8443 handler=/candlepin auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False
2017-11-10 14:29:06,145 [INFO] subscription-manager:4442:MainThread @connection.py:836 - Connection built: host=F21-candlepin.usersys.redhat.com port=8443 handler=/candlepin auth=none
2017-11-10 14:29:06,175 [ERROR] subscription-manager:4442:MainThread @managercli.py:506 - Error loading certificate: /etc/pki/product-default/69.pem

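
Added example (not part of the bug report and not python-rhsm code): a stand-alone pre-flight check that walks certificate directories and names every file that fails to load, in the same "Error loading certificate: <path>" form as the fixed log line above, continuing past the first bad file. The names `CertLoadError`, `check_pem`, `scan_cert_dirs` and `demo` are hypothetical, and the check is structural only (PEM armor, base64, outer DER SEQUENCE length), standing in for real X.509 parsing.

```python
import base64, pathlib, re, tempfile

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

class CertLoadError(Exception):
    """Load failure that always names the offending file."""
    def __init__(self, path, reason):
        super().__init__("Error loading certificate: %s (%s)" % (path, reason))
        self.path, self.reason = path, reason

def check_pem(path):
    """Raise CertLoadError unless path holds a structurally sound PEM certificate."""
    try:
        match = PEM_RE.search(pathlib.Path(path).read_bytes().decode("latin-1"))
        if not match:
            raise CertLoadError(path, "no PEM certificate block")
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except (OSError, ValueError) as exc:  # unreadable file or invalid base64
        raise CertLoadError(path, "%s: %s" % (type(exc).__name__, exc))
    # Structural check only, no signature or field validation: the outer
    # definite-length DER SEQUENCE must declare exactly the bytes present.
    if len(der) < 2 or der[0] != 0x30 or der[1] == 0x80:
        raise CertLoadError(path, "not a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0            # long-form length octets
    body = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + body != len(der):
        raise CertLoadError(path, "DER length mismatch")

def scan_cert_dirs(dirs):
    """Check every *.pem under dirs; return (good_paths, [CertLoadError, ...])."""
    good, bad = [], []
    for path in sorted(str(p) for d in dirs for p in pathlib.Path(d).glob("*.pem")):
        try:
            check_pem(path)
            good.append(path)
        except CertLoadError as err:
            bad.append(err)  # keep going so every corrupt file is named
    return good, bad

def demo():
    # Constructed sample files (not real certificates): one sound, two corrupted.
    pem = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
    samples = {"1.pem": pem % base64.b64encode(b"\x30\x03\x02\x01\x01").decode(),
               "69.pem": "junk values\n",  # file overwritten with junk
               "806.pem": pem % base64.b64encode(b"\x30\x09\x02\x01\x01").decode()}
    with tempfile.TemporaryDirectory() as d:
        for name, text in samples.items():
            pathlib.Path(d, name).write_text(text)
        return scan_cert_dirs([d])
```

On a real host the call would be `scan_cert_dirs(["/etc/pki/product", "/etc/pki/product-default"])`, the two directories listed in the comments above.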
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0681