Hide Forgot
Description of problem: When importing an entitlement cert/key bundle that was exported from rhsm-web, the file can be named anything by the user (e.g. save file as /tmp/entitlement.cert), then after importing the certificate, rhsm splits the file into /etc/pki/entitlement/entitlement.cert and /etc/pki/entitlement/entitlement-key.cert), however the subscription-manager list --consumed is empty. If I change the name of the imported files to the <hash>.pem and <hash>-key.pem, then the list --consumed works. Version-Release number of selected component (if applicable): [root@jsefler-onprem-62server ~]# rpm -q subscription-manager subscription-manager-0.96.7-1.git.14.c203b16.el6.x86_64 How reproducible: Steps to Reproduce: [root@jsefler-onprem-62server ~]# subscription-manager register --username=testuser1 --password=password --org=admin The system has been registered with id: dc70b10f-c7fb-4258-a162-d8a3ff94073d [root@jsefler-onprem-62server ~]# subscription-manager list --avail | grep -A1 ProductId ProductId: management-100 PoolId: 8a90f8c6321781e0013217835fd20279 -- [root@jsefler-onprem-62server ~]# subscription-manager subscribe --pool=8a90f8c6321781e0013217835fd20279 Successfully subscribed the system to Pool 8a90f8c6321781e0013217835fd20279 [root@jsefler-onprem-62server ~]# subscription-manager list --consumed +-------------------------------------------+ Consumed Product Subscriptions +-------------------------------------------+ ProductName: Management Add-On ContractNumber: 71 AccountNumber: 12331131231 SerialNumber: 3567730850023029883 Active: True QuantityUsed: 1 Begins: 08/28/2011 Expires: 08/27/2012 [root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/ 3567730850023029883-key.pem 3567730850023029883.pem [root@jsefler-onprem-62server ~]# cd /etc/pki/entitlement/ [root@jsefler-onprem-62server entitlement]# cat 3567730850023029883.pem 3567730850023029883-key.pem > /tmp/entitlement.cert [root@jsefler-onprem-62server entitlement]# cat 3567730850023029883.pem 3567730850023029883-key.pem > /tmp/entitlement.pem [root@jsefler-onprem-62server entitlement]# cat 3567730850023029883.pem 3567730850023029883-key.pem > /tmp/3567730850023029883 [root@jsefler-onprem-62server entitlement]# cat 3567730850023029883.pem 3567730850023029883-key.pem > /tmp/3567730850023029883.pem ^^^ GENERATED FOUR IMPORT CASES AND YOU WILL SEE THAT TWO OF THEM WILL FAIL [root@jsefler-onprem-62server entitlement]# rm /etc/pki/entitlement/* rm: remove regular file `/etc/pki/entitlement/3567730850023029883-key.pem'? y rm: remove regular file `/etc/pki/entitlement/3567730850023029883.pem'? y [root@jsefler-onprem-62server entitlement]# [root@jsefler-onprem-62server entitlement]# subscription-manager import --certificate /tmp/entitlement.cert Successfully imported certificate entitlement.cert [root@jsefler-onprem-62server entitlement]# ls /etc/pki/entitlement/ entitlement.cert entitlement-key.cert [root@jsefler-onprem-62server entitlement]# subscription-manager list --consumed No Consumed subscription pools to list ^^^ BANG! THE IMPORT APPEARS SUCCESSFUL AND CORRECTLY SPLITS THE IMPORT FILE, BUT THE LIST --consumed FAILS LET'S TRY AGAIN... MAYBE ITS THE FILE EXTENSION THAT IS IMPORTANT? [root@jsefler-onprem-62server entitlement]# rm -f /etc/pki/entitlement/* [root@jsefler-onprem-62server entitlement]# subscription-manager import --certificate /tmp/entitlement.pem Successfully imported certificate entitlement.pem [root@jsefler-onprem-62server entitlement]# ls /etc/pki/entitlement/ entitlement-key.pem entitlement.pem [root@jsefler-onprem-62server entitlement]# subscription-manager list --consumed No Consumed subscription pools to list [root@jsefler-onprem-62server entitlement]# ^^^ BANG! FAILED WITH A .pem EXTENSION TOO NOW LET"S TRY WITH THIRD CASE... [root@jsefler-onprem-62server entitlement]# rm -f /etc/pki/entitlement/* [root@jsefler-onprem-62server entitlement]# subscription-manager import --certificate /tmp/3567730850023029883 Successfully imported certificate 3567730850023029883 [root@jsefler-onprem-62server entitlement]# ls /etc/pki/entitlement/ 3567730850023029883 3567730850023029883-key [root@jsefler-onprem-62server entitlement]# subscription-manager list --consumed No Consumed subscription pools to list ^^^ BANG! FAILED AGAIN. NOW LET"S TRY WITH FOURTH CASE... [root@jsefler-onprem-62server entitlement]# rm -f /etc/pki/entitlement/* [root@jsefler-onprem-62server entitlement]# subscription-manager import --certificate /tmp/3567730850023029883.pem Successfully imported certificate 3567730850023029883.pem [root@jsefler-onprem-62server entitlement]# ls /etc/pki/entitlement/ 3567730850023029883-key.pem 3567730850023029883.pem [root@jsefler-onprem-62server entitlement]# subscription-manager list --consumed +-------------------------------------------+ Consumed Product Subscriptions +-------------------------------------------+ ProductName: Management Add-On ContractNumber: 71 AccountNumber: 12331131231 SerialNumber: 3567730850023029883 Active: True QuantityUsed: 1 Begins: 08/28/2011 Expires: 08/27/2012 ^^^ NOW IT WORKS.
Fixed in master branch (3236ce3f2561e306886ff80963a4ddb3bbdb6950) Now checks the serial number of the cert and renames the file in the following formats: <s/n>.pem <s/n>-key.pem
Verifying Version... [root@jsefler-onprem-62server ~]# rpm -q subscription-manager subscription-manager-0.96.9-1.git.4.3236ce3.el6.x86_64 [root@jsefler-onprem-62server ~]# subscription-manager clean All local data removed [root@jsefler-onprem-62server ~]# subscription-manager list --consumed No Consumed subscription pools to list [root@jsefler-onprem-62server ~]# subscription-manager import --certificate /tmp/importCertificatesDir/myExportedEntitlement.pem Successfully imported certificate myExportedEntitlement.pem [root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/ 4249612904057333274-key.pem 4249612904057333274.pem [root@jsefler-onprem-62server ~]# subscription-manager list --consumed +-------------------------------------------+ Consumed Product Subscriptions +-------------------------------------------+ ProductName: Awesome OS for i686/x86_64 Bits ContractNumber: 44 AccountNumber: 12331131231 SerialNumber: 4249612904057333274 Active: True QuantityUsed: 1 Begins: 07/29/2011 Expires: 09/28/2012 ^^^ VERIFIED THAT AN IMPORT OF A VALID CERTIFICATE BUNDLE THAT WAS RENAMED BY THE USER (myExportedEntitlement.pem) WAS TRUELY IMPORTED SUCCESSFULLY BY SUBSCRIPTION-MANGER. LET'S TRY AGAIN WITH (anotherExportedEntitlement)... [root@jsefler-onprem-62server ~]# subscription-manager import --certificate /tmp/importCertificatesDir/anotherExportedEntitlement Successfully imported certificate anotherExportedEntitlement [root@jsefler-onprem-62server ~]# ls /etc/pki/entitlement/ 4249612904057333274-key.pem 4249612904057333274.pem 8122730699557767282-key.pem 8122730699557767282.pem [root@jsefler-onprem-62server ~]# subscription-manager list --consumed +-------------------------------------------+ Consumed Product Subscriptions +-------------------------------------------+ ProductName: Awesome OS for i686/x86_64 Bits ContractNumber: 44 AccountNumber: 12331131231 SerialNumber: 4249612904057333274 Active: True QuantityUsed: 1 Begins: 07/29/2011 Expires: 09/28/2012 ProductName: Management Bits ContractNumber: 18 AccountNumber: 12331131231 SerialNumber: 8122730699557767282 Active: True QuantityUsed: 1 Begins: 07/29/2011 Expires: 09/28/2012 ^^^ VERIFIED THE RENAMED CERTIFICATE WAS TRUELY IMPORTED SUCCESSFULLY BY SUBSCRIPTION-MANGER. Moving to VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1695.html