Description of problem: All identity certs expire automatically after a year, requiring the user to manually intervene to continue using candlepin through that consumer either by re-registering with the client tool or re-generating their cert from rhsm-web. It would be a nicer user experience if this was done seamlessly for them - there is no advantage of having them do it manually, as this expiration is unrelated from their subscriptions