Description of problem: The following is cut from the doc https://docspace.corp.redhat.com/docs/DOC-30244 which describes the OID structure for the Order Namespace within the entitlement certificates: 1.3.6.1.4.1.2312.9.4 (Order Namespace) 1.3.6.1.4.1.2312.9.4.1 (Name): Red Hat Enterprise Linux Server 1.3.6.1.4.1.2312.9.4.2 (Order Number) : 12345 1.3.6.1.4.1.2312.9.4.3 (SKU) : MCT0982 1.3.6.1.4.1.2312.9.4.4 (Subscription Number) : abcd-ef12-1234-5678 1.3.6.1.4.1.2312.9.4.5 (Quantity) : 100 1.3.6.1.4.1.2312.9.4.6 (Entitlement Start Date) : 1/1/2010 1.3.6.1.4.1.2312.9.4.7 (Entitlement End Date) : 12/31/2011 1.3.6.1.4.1.2312.9.4.8 (Subtype) : Supplementary 1.3.6.1.4.1.2312.9.4.9 (Virtualization Limit) : 4 1.3.6.1.4.1.2312.9.4.10 (Socket Limit) : None 1.3.6.1.4.1.2312.9.4.11 (Product Option Code) : 98 1.3.6.1.4.1.2312.9.4.12 (Contract Number): 152341643 1.3.6.1.4.1.2312.9.4.13 (Quantity Used): 4 1.3.6.1.4.1.2312.9.4.14 (Warning Period): 30 Taking a closer look at an example entitlement cert served by candlepin, the following values are missing. 1.3.6.1.4.1.2312.9.4.3 (SKU) : MCT0982 1.3.6.1.4.1.2312.9.4.4 (Subscription Number) : abcd-ef12-1234-5678 1.3.6.1.4.1.2312.9.4.8 (Subtype) : Supplementary 1.3.6.1.4.1.2312.9.4.9 (Virtualization Limit) : 4 1.3.6.1.4.1.2312.9.4.10 (Socket Limit) : None 1.3.6.1.4.1.2312.9.4.11 (Product Option Code) : 98 [root@jsefler-rhel6-client01 ~]# subscription-manager-cli list --available | grep PoolId PoolId: ff8080812b7b6b08012b7b6c0b9a00ca [root@jsefler-rhel6-client01 ~]# subscription-manager-cli subscribe --pool=ff8080812b7b6b08012b7b6c0b9a00ca [root@jsefler-rhel6-client01 ~]# openssl x509 -noout -text -in /etc/pki/entitlement/product/1128631322859633.pem | grep -A1 1.3.6.1.4.1.2312.9.4 1.3.6.1.4.1.2312.9.4.1: ..MKT-rhel-server 1.3.6.1.4.1.2312.9.4.2: . ff8080812b7b6b08012b7b6b95100052 1.3.6.1.4.1.2312.9.4.5: ..10 1.3.6.1.4.1.2312.9.4.6: ..2010-10-05T00:00:00Z 1.3.6.1.4.1.2312.9.4.7: ..2011-10-05T00:00:00Z 1.3.6.1.4.1.2312.9.4.14: ..0 1.3.6.1.4.1.2312.9.4.12: ..0 1.3.6.1.4.1.2312.9.4.13: ..1 I'm not sure if these missing values are a big deal, however they are missing.
Mark: Please confirm 1.3.6.1.4.1.2312.9.4.3 (SKU) : MCT0982 Should be there. 1.3.6.1.4.1.2312.9.4.4 (Subscription Number) : abcd-ef12-1234-5678 Optional, should exist only if created by a reg number. 1.3.6.1.4.1.2312.9.4.8 (Subtype) : Supplementary Obsolete, should be removed. 1.3.6.1.4.1.2312.9.4.9 (Virtualization Limit) : 4 1.3.6.1.4.1.2312.9.4.10 (Socket Limit) : None 1.3.6.1.4.1.2312.9.4.11 (Product Option Code) : 98 Obsolete, should be removed.
Subtype and option code likely need to stay for legacy skus. Otherwise I agree with bk's comment.
Mark chatted with Amanda, and the following should occur: 1.3.6.1.4.1.2312.9.4.3 (SKU) : MCT0982 Should be there. 1.3.6.1.4.1.2312.9.4.4 (Subscription Number) : abcd-ef12-1234-5678 Optional, should exist only if created by a reg number. 1.3.6.1.4.1.2312.9.4.8 (Subtype) : Supplementary Obsolete, should be removed. Move all others up. Update doco. 1.3.6.1.4.1.2312.9.4.9 (Virtualization Limit) : 4 1.3.6.1.4.1.2312.9.4.10 (Socket Limit) : None 1.3.6.1.4.1.2312.9.4.11 (Product Option Code) : 98 Obsolete, should be removed. Update doco.
fixed in candlepin: 8ae14219f94dc78330b0ac5e5e2cefbbd19e2ab4 subscription-manager: 92fa0cc8f6a94510e86d07a4bd1b268742a7439c
FROM DOC https://docspace.corp.redhat.com/docs/DOC-30244 1.3.6.1.4.1.2312.9.4 (Order Namespace) 1.3.6.1.4.1.2312.9.4.1 (Name): Red Hat Enterprise Linux Server 1.3.6.1.4.1.2312.9.4.2 (Order Number) : 12345 1.3.6.1.4.1.2312.9.4.3 (SKU) : MCT0982 1.3.6.1.4.1.2312.9.4.4 (Subscription Number) : abcd-ef12-1234-5678 1.3.6.1.4.1.2312.9.4.5 (Quantity) : 100 1.3.6.1.4.1.2312.9.4.6 (Entitlement Start Date) : 1/1/2010 1.3.6.1.4.1.2312.9.4.7 (Entitlement End Date) : 12/31/2011 1.3.6.1.4.1.2312.9.4.8 (Virtualization Limit) : 4 1.3.6.1.4.1.2312.9.4.9 (Socket Limit) : None 1.3.6.1.4.1.2312.9.4.10 (Contract Number): 152341643 1.3.6.1.4.1.2312.9.4.11 (Quantity Used): 4 1.3.6.1.4.1.2312.9.4.12 (Warning Period): 30 1.3.6.1.4.1.2312.9.4.13 (Account Number): 9876543210 1.3.6.1.4.1.2312.9.4.14 (Provides Management): 0 (boolean, 1 for true) [root@jsefler-onprem02 ~]# openssl x509 -noout -text -in /etc/pki/entitlement/11291757215456231.pem | grep -A1 1.3.6.1.4.1.2312.9.4 1.3.6.1.4.1.2312.9.4.1: ..RHEL Workstation 1.3.6.1.4.1.2312.9.4.2: . ff8080812cc27e10012cc27e9037008c 1.3.6.1.4.1.2312.9.4.3: ..MKT-rhel-workstation-mkt 1.3.6.1.4.1.2312.9.4.5: ..10 1.3.6.1.4.1.2312.9.4.6: ..2010-12-07T00:00:00Z 1.3.6.1.4.1.2312.9.4.7: ..2011-12-07T00:00:00Z 1.3.6.1.4.1.2312.9.4.12: ..30 1.3.6.1.4.1.2312.9.4.10: ..34 1.3.6.1.4.1.2312.9.4.13: ..12331131231 1.3.6.1.4.1.2312.9.4.14: ..0 1.3.6.1.4.1.2312.9.4.11: ..1 The oid positions in the generated entitlements are now in agreement with the doc. The 8(Virtualization Limit) and 9(Socket Limit) appear to be as needed by the subscription The 4(Subscription Number) is missing in this example because the entitlement was not generated as a result of registering with a regtoken. MOVING TO VERIFIED