I'm not entirely sure where to put this. When creating entitlement certificates, we allow the customer to select a subset of the overall product entitlements granted to them (this is already in the docs, or at least there's already a bugzilla describing it). The common use case will be that we give them a certificate that grants access to both RHEL 5 and RHEL 6. That means the RHUI will serve both versions in the yum repos. However, we don't want clients accessing both at the same time. This is where the drive for the entitlement certificate product selection came from. The customer should make one entitlement certificate for RHEL 5 and a different one for RHEL 6, then making sure to deploy the correct one on the client instances depending on version. Bad things would happen if they made a client RPM that was configured to download from both RHEL 5 and 6. So we should probably note that, since it's going to be a common enough scenario that cloud providers find themselves in.
Added to content spec - Entitlement Certificates. LKB
<important> <title>Important</title> <para> Once you have been granted a certificate, ensure that clients are only able to access one at a time. Only allow client instances to download the certificate they require for their version of the image, and no other certificates. </para> </important> Revision 0-4. LKB
Fixed in another BZ. LKB
Published 14 December 2010: http://docs.redhat.com/docs/en-US/Red_Hat_Update_Infrastructure/1.2/html/Installation_Guide/index.html Please raise any issues as new bugs against this live version. Thanks, LKB