Hide Forgot
Description of problem: when the test system was failed to do successful unregistration due to the following error Unregister failed: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:579) . In order to solve the issue I removed the consumer cert files manually from the /etc/pki/consumer directory. Now after a successful registration i see two golden ticket subscription exists on the system and it doesn't remove one even after trying subscription-manager refresh Version-Release number of selected component (if applicable): # subscription-manager version server type: Red Hat Subscription Management subscription management server: 2.1.0-1 subscription management rules: 5.23 subscription-manager: 1.19.12-1.el7 python-rhsm: 1.19.6-1.el7 How reproducible: Steps to Reproduce: 1.Register client to content access mode enabled org ( ex: snowwhite) Registering to: F21-candlepin.usersys.redhat.com:8443/candlepin Username: admin Password: Organization: snowwhite The system has been registered with ID: 79463b73-f079-49b6-98c8-95925060c8fb [root@dhcp35-238 consumer]# ll /etc/pki/entitlement/ total 8 -rw-------. 1 roo t root 1675 May 15 15:20 3253978700812051263-key.pem -rw-r--r--. 1 root root 2878 May 15 15:20 3253978700812051263.pem 2.Now manually remove the consumer cert files from /etc/pki/consumer [root@dhcp35-238 consumer]# ll total 8 -rw-r-----. 1 root root 1277 May 15 15:20 cert.pem -rw-r-----. 1 root root 1675 May 15 15:20 key.pem [root@dhcp35-238 consumer]# rm -rf * 3.Try to do a fresh registration [root@dhcp35-238 consumer]# subscription-manager register --force Registering to: F21-candlepin.usersys.redhat.com:8443/candlepin Username: admin Password: Organization: snowwhite The system has been registered with ID: fc9b3597-c426-4c5f-b730-a1764c8d6a91 5 local certificates have been deleted. [root@dhcp35-238 consumer]# ll /etc/pki/entitlement/ total 16 -rw-------. 1 root root 1675 May 15 15:20 3253978700812051263-key.pem -rw-r--r--. 1 root root 2878 May 15 15:20 3253978700812051263.pem -rw-------. 1 root root 1675 May 15 15:21 4032998023026564994-key.pem -rw-r--r--. 1 root root 2878 May 15 15:21 4032998023026564994.pem [root@dhcp35-238 consumer]# rct cc /etc/pki/entitlement/3253978700812051263.pem --no-content --no-product +-------------------------------------------+ Entitlement Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/entitlement/3253978700812051263.pem Version: 3.3 Serial: 3253978700812051263 Start Date: 2017-05-15 08:49:15+00:00 End Date: 2018-05-15 08:49:15+00:00 Pool ID: Not Available Subject: CN: 79463b73-f079-49b6-98c8-95925060c8fb O: snowwhite Issuer: C: US CN: F21-candlepin.usersys.redhat.com L: Raleigh Order: Name: Content Access Number: SKU: content_access Contract: Account: Service Level: Service Type: Quantity: Quantity Used: 1 Socket Limit: RAM Limit: Core Limit: Virt Only: False Stacking ID: Warning Period: 0 Provides Management: False [root@dhcp35-238 consumer]# rct cc /etc/pki/entitlement/4032998023026564994.pem --no-content --no-product +-------------------------------------------+ Entitlement Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/entitlement/4032998023026564994.pem Version: 3.3 Serial: 4032998023026564994 Start Date: 2017-05-15 08:49:57+00:00 End Date: 2018-05-15 08:49:57+00:00 Pool ID: Not Available Subject: CN: fc9b3597-c426-4c5f-b730-a1764c8d6a91 O: snowwhite Issuer: C: US CN: F21-candlepin.usersys.redhat.com L: Raleigh Order: Name: Content Access Number: SKU: content_access Contract: Account: Service Level: Service Type: Quantity: Quantity Used: 1 Socket Limit: RAM Limit: Core Limit: Virt Only: False Stacking ID: Warning Period: 0 Provides Management: False [root@dhcp35-238 consumer]# subscription-manager refresh All local data refreshed [root@dhcp35-238 consumer]# ll /etc/pki/entitlement/ total 16 -rw-------. 1 root root 1675 May 15 15:20 3253978700812051263-key.pem -rw-r--r--. 1 root root 2878 May 15 15:20 3253978700812051263.pem -rw-------. 1 root root 1675 May 15 15:22 4032998023026564994-key.pem -rw-r--r--. 1 root root 2878 May 15 15:22 4032998023026564994.pem Actual results: Notice two golden ticket subscription exists on the system , even after refresh first attached golden ticket subscription was not removed Expected results: system should have only on golden ticket entitlement attached Additional info:
May be, this PR fixes this problem too: https://github.com/candlepin/subscription-manager/pull/1624. I will try.
No, this is not duplicate bug and PR https://github.com/candlepin/subscription-manager/pull/1624 doesn't help here.
*** Bug 1450938 has been marked as a duplicate of this bug. ***
Reproducing the failure: ======================== [root@ibm-x3250m3-01 ~]# subscription-manager version server type: Red Hat Subscription Management subscription management server: 2.1.0-1 subscription management rules: 5.23 subscription-manager: 1.19.14-1.el7 python-rhsm: 1.19.6-1.el7 [root@ibm-x3250m3-01 ~]# subscription-manager register Registering to: F21-candlepin.usersys.redhat.com:8443/candlepin Username: admin Password: Organization: snowwhite The system has been registered with ID: 16889dcf-e575-4fff-a0f3-929a9ed5d82d [root@ibm-x3250m3-01 ~]# ll /etc/pki/entitlement/ total 8 -rw-------. 1 root root 1679 May 25 03:59 165905317496884634-key.pem -rw-r--r--. 1 root root 2878 May 25 03:59 165905317496884634.pem [root@ibm-x3250m3-01 ~]# subscription-manager list --consumed No consumed subscription pools to list [root@ibm-x3250m3-01 ~]# rct cc /etc/pki/entitlement/165905317496884634.pem --no-product --no-content +-------------------------------------------+ Entitlement Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/entitlement/165905317496884634.pem Version: 3.3 Serial: 165905317496884634 Start Date: 2017-05-25 06:59:10+00:00 End Date: 2018-05-25 06:59:10+00:00 Pool ID: Not Available Subject: CN: 16889dcf-e575-4fff-a0f3-929a9ed5d82d O: snowwhite Issuer: C: US CN: F21-candlepin.usersys.redhat.com L: Raleigh Order: Name: Content Access Number: SKU: content_access Contract: Account: Service Level: Service Type: Quantity: Quantity Used: 1 Socket Limit: RAM Limit: Core Limit: Virt Only: False Stacking ID: Warning Period: 0 Provides Management: False [root@ibm-x3250m3-01 ~]# ll /etc/pki/consumer/ total 8 -rw-r-----. 1 root root 1371 May 25 03:59 cert.pem -rw-r-----. 1 root root 1679 May 25 03:59 key.pem [root@ibm-x3250m3-01 ~]# rm -rf /etc/pki/consumer/* [root@ibm-x3250m3-01 ~]# ll /etc/pki/consumer/ total 0 [root@ibm-x3250m3-01 ~]# [root@ibm-x3250m3-01 ~]# ll /etc/pki/entitlement/ total 8 -rw-------. 1 root root 1679 May 25 03:59 165905317496884634-key.pem -rw-r--r--. 1 root root 2878 May 25 03:59 165905317496884634.pem [root@ibm-x3250m3-01 ~]# subscription-manager register --force Registering to: F21-candlepin.usersys.redhat.com:8443/candlepin Username: admin Password: Organization: snowwhite The system has been registered with ID: 20f65a23-ade6-4c3a-9242-7ae902a33dd2 [root@ibm-x3250m3-01 ~]# ll /etc/pki/entitlement/ total 16 -rw-------. 1 root root 1679 May 25 03:59 165905317496884634-key.pem -rw-r--r--. 1 root root 2878 May 25 03:59 165905317496884634.pem -rw-------. 1 root root 1679 May 25 04:01 4111243518403435993-key.pem -rw-r--r--. 1 root root 2878 May 25 04:01 4111243518403435993.pem [root@ibm-x3250m3-01 ~]# rct cc /etc/pki/entitlement/4111243518403435993.pem --no-product --no-content +-------------------------------------------+ Entitlement Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/entitlement/4111243518403435993.pem Version: 3.3 Serial: 4111243518403435993 Start Date: 2017-05-25 07:01:14+00:00 End Date: 2018-05-25 07:01:14+00:00 Pool ID: Not Available Subject: CN: 20f65a23-ade6-4c3a-9242-7ae902a33dd2 O: snowwhite Issuer: C: US CN: F21-candlepin.usersys.redhat.com L: Raleigh Order: Name: Content Access Number: SKU: content_access Contract: Account: Service Level: Service Type: Quantity: Quantity Used: 1 Socket Limit: RAM Limit: Core Limit: Virt Only: False Stacking ID: Warning Period: 0 Provides Management: False [root@ibm-x3250m3-01 ~]# subscription-manager refresh All local data refreshed [root@ibm-x3250m3-01 ~]# ll /etc/pki/entitlement/ total 16 -rw-------. 1 root root 1679 May 25 03:59 165905317496884634-key.pem -rw-r--r--. 1 root root 2878 May 25 03:59 165905317496884634.pem -rw-------. 1 root root 1679 May 25 04:02 4111243518403435993-key.pem -rw-r--r--. 1 root root 2878 May 25 04:02 4111243518403435993.pem ^^ Reproduced system with two golden ticket entitlement certificates Updating the system to latest subscription-manger packages from brew : ======================================================================= [root@ibm-x3250m3-01 ~]# subscription-manager version server type: Red Hat Subscription Management subscription management server: 2.1.0-1 subscription management rules: 5.23 subscription-manager: 1.19.15-1.el7 python-rhsm: 1.19.6-1.el7 [root@ibm-x3250m3-01 ~]# subscription-manager register Registering to: F21-candlepin.usersys.redhat.com:8443/candlepin Username: admin Password: Organization: snowwhite The system has been registered with ID: 35608924-f40a-4355-ac86-ca9721d53913 [root@ibm-x3250m3-01 ~]# subscription-manager list --consumed No consumed subscription pools to list [root@ibm-x3250m3-01 ~]# ll /etc/pki/entitlement/ total 8 -rw-------. 1 root root 1675 May 25 04:52 7980981120534212659-key.pem -rw-r--r--. 1 root root 2878 May 25 04:52 7980981120534212659.pem [root@ibm-x3250m3-01 ~]# rct cc /etc/pki/entitlement/7980981120534212659.pem --no-content --no-product +-------------------------------------------+ Entitlement Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/entitlement/7980981120534212659.pem Version: 3.3 Serial: 7980981120534212659 Start Date: 2017-05-25 07:52:17+00:00 End Date: 2018-05-25 07:52:17+00:00 Pool ID: Not Available Subject: CN: 35608924-f40a-4355-ac86-ca9721d53913 O: snowwhite Issuer: C: US CN: F21-candlepin.usersys.redhat.com L: Raleigh Order: Name: Content Access Number: SKU: content_access Contract: Account: Service Level: Service Type: Quantity: Quantity Used: 1 Socket Limit: RAM Limit: Core Limit: Virt Only: False Stacking ID: Warning Period: 0 Provides Management: False [root@ibm-x3250m3-01 ~]# rm -rf /etc/pki/consumer/* [root@ibm-x3250m3-01 ~]# ll /etc/pki/consumer/* ls: cannot access /etc/pki/consumer/*: No such file or directory [root@ibm-x3250m3-01 ~]# ll /etc/pki/entitlement/ total 8 -rw-------. 1 root root 1675 May 25 04:52 7980981120534212659-key.pem -rw-r--r--. 1 root root 2878 May 25 04:52 7980981120534212659.pem [root@ibm-x3250m3-01 ~]# subscription-manager register --force Registering to: F21-candlepin.usersys.redhat.com:8443/candlepin Username: admin Password: Organization: snowwhite The system has been registered with ID: 9b0618c5-01de-4b65-b034-1c75153c0e7d 1 local certificate has been deleted. [root@ibm-x3250m3-01 ~]# ll /etc/pki/entitlement/ total 8 -rw-------. 1 root root 1675 May 25 04:54 4619315142839584121-key.pem -rw-r--r--. 1 root root 2878 May 25 04:54 4619315142839584121.pem [root@ibm-x3250m3-01 ~]# rct cc /etc/pki/entitlement/4619315142839584121.pem --no-content --no-product +-------------------------------------------+ Entitlement Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/entitlement/4619315142839584121.pem Version: 3.3 Serial: 4619315142839584121 Start Date: 2017-05-25 07:54:34+00:00 End Date: 2018-05-25 07:54:34+00:00 Pool ID: Not Available Subject: CN: 9b0618c5-01de-4b65-b034-1c75153c0e7d O: snowwhite Issuer: C: US CN: F21-candlepin.usersys.redhat.com L: Raleigh Order: Name: Content Access Number: SKU: content_access Contract: Account: Service Level: Service Type: Quantity: Quantity Used: 1 Socket Limit: RAM Limit: Core Limit: Virt Only: False Stacking ID: Warning Period: 0 Provides Management: False ^^ Observed that the old golden ticket entitlement certificate was removed and a new golden ticket subscription was attached. Based on the above observation , marking this bug as verified!!
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2083