Hide Forgot
Description of problem: 1. deploy a standalone candlepin, and configure subscription manager to use it 2. run subscription-manager-cli register (you now have /etc/pki/consumer/*.pem files) 3. redeploy your standalone candlepin, with FORCECERT=1 4. run subscription-manager-cli register --force you'll get an ssl error. sm sees that there's a peer cert, and loads it up for use, regardless of the command running. sm should not use the cert for a register command (just like initial registration). Alternatively, sm could detect a peer verify fail, and retry without the cert. This will happen when switching from cert-fte to standalone, too.
Potential fix sent to prad/jortel.
THis is fixed with the new secure/insecure mode.
[root@client01-rhel6-beta2 src]# ./subscription-manager-cli register --username=testuser1 --pass=password 506d9744-cf00-4717-830e-1be2193f1733 testuser1 Redeploy [root@client01-rhel6-beta2 src]# ./subscription-manager-cli register --username=testuser1 --pass=password --force 0c1a5575-bdea-442d-8333-3241886d7ce4 testuser1 [root@client01-rhel6-beta2 src]# verified
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0611.html