Red Hat Bugzilla – Bug 806958
One empty certificate file in /etc/rhsm/ca causes registration failure
Last modified: 2014-11-09 17:52:28 EST
Description of problem:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. touch /etc/rhsm/ca/myemptycert.pem
2. subscription-manager register
3. rm -f /etc/rhsm/ca/myemptycert.pem
4. subscription-manager register
BadCertificateException instance has no attribute 'args' on step 2,
success on step 4
Successful registration with or without one bad cert
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release. Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products. This request is not yet committed for inclusion in
To reproduce this error, make sure that
insecure = 0
in /etc/rhsm/rhsm.conf. Otherwise the request method won't even look at the CA certificates.
Author: Alex Wood <firstname.lastname@example.org>
Date: Fri May 18 15:59:31 2012 -0400
806958: BadCertificateException not displaying properly.
The __str__ function added to BadCertificateException does not need
to be internationalized since this message should only appear in
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
[root@jmolet-vm0 rhsm]# touch /etc/rhsm/ca/myemptycert.pem
[root@jmolet-vm0 rhsm]# cat rhsm.conf | grep insecure
[root@jmolet-vm0 rhsm]# subscription-manager register
Bad CA certificate: /etc/rhsm/ca/myemptycert.pem
[root@jmolet-vm0 rhsm]# subscription-manager identity
This system is not yet registered. Try 'subscription-manager register --help' for more information.
This appears to print out a nicer error and not stack trace and then fails gracefully.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.