Description of problem: The following scenario has regressed from rhel58/rhel63 behavior: 1. register 2. remember your consumerid 3. screw up your identity cert 4. register with the consumerid and --force Currently getting stuck on this last step with an "Error loading certificate" Version-Release number of selected component (if applicable): [root@jsefler-rhel59 ~]# rpm -q subscription-manager python-rhsm subscription-manager-1.0.11-1.git.3.b3c4a8b.el5 python-rhsm-1.0.4-1.git.6.19a55da.el5 How reproducible: Steps to Reproduce: [root@jsefler-rhel59 ~]# subscription-manager register --username testuser1 --password password --org admin The system has been registered with id: 000d7504-b2c8-483b-a82c-82699c424a40 [root@jsefler-rhel59 ~]# openssl x509 -noout -text -in /etc/pki/consumer/cert.pem > /tmp/stdout; mv -f /tmp/stdout /etc/pki/consumer/cert.pem [root@jsefler-rhel59 ~]# subscription-manager register --username=testuser1 --password=password --consumerid=000d7504-b2c8-483b-a82c-82699c424a40 --force Error loading certificate ^^^^^^^^^^^^^^^^^^^^^^^^^ EXPECTED THE --force OPTION TO BE A LITTLE MORE FORECFUL. THIS SCENARIO SUCCESSUFULLY REGISTERED TO THE SPECIFIED CONSUMERID IN PAST RELEASES AND IS THEREFORE A REGRESSION. HOWEVER, USING clean IS A SIMPLE WORKAROUND AND MAY IN FACT BE THE PREFERED SOLUTION. NEED MORE OPINIONS ON THIS. [root@jsefler-rhel59 ~]# subscription-manager clean All local data removed [root@jsefler-rhel59 ~]# subscription-manager register --username=testuser1 --password=password --consumerid=000d7504-b2c8-483b-a82c-82699c424a40 --force The system has been registered with id: 000d7504-b2c8-483b-a82c-82699c424a40 [root@jsefler-rhel59 ~]# ^^^ THIS WORKAROUND WORKED EXACTLY AS EXPECTED. Additional info: [root@jsefler-rhel59 ~]# tail -f /var/log/rhsm/rhsm.log 2012-07-28 11:15:57,832 [INFO] @connection.py:492 - Using certificate authentication: key = /etc/pki/consumer/key.pem, cert = /etc/pki/consumer/cert.pem, ca = /etc/rhsm/ca/, insecure = False 2012-07-28 11:15:57,833 [INFO] @connection.py:505 - Connection Built: host: jsefler-f14-candlepin.usersys.redhat.com, port: 8443, handler: /candlepin 2012-07-28 11:15:57,833 [DEBUG] @profile.py:95 - Loading current RPM profile. 2012-07-28 11:15:58,070 [DEBUG] @connection.py:317 - Loading CA PEM certificates from: /etc/rhsm/ca/ 2012-07-28 11:15:58,071 [DEBUG] @connection.py:299 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem' 2012-07-28 11:15:58,072 [DEBUG] @connection.py:299 - Loading CA certificate: '/etc/rhsm/ca/jsefler-f14-candlepin.pem' 2012-07-28 11:15:58,072 [DEBUG] @connection.py:299 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem' 2012-07-28 11:15:58,185 [DEBUG] @managercli.py:397 - Versions: {'subscription manager': '1.0.11-1.git.3.b3c4a8b.el5', 'server-type': 'subscription management service', 'python-rhsm': '1.0.4-1.git.6.19a55da.el5', 'candlepin': 'Unknown'} 2012-07-28 11:15:58,186 [ERROR] @managercli.py:114 - exception caught in subscription-manager 2012-07-28 11:15:58,186 [ERROR] @managercli.py:115 - Error loading certificate Traceback (most recent call last): File "/usr/sbin/subscription-manager", line 78, in ? sys.exit(abs(main() or 0)) File "/usr/sbin/subscription-manager", line 69, in main return managercli.CLI().main() File "/usr/share/rhsm/subscription_manager/managercli.py", line 1957, in main return cmd.main() File "/usr/share/rhsm/subscription_manager/managercli.py", line 401, in main return_code = self._do_command() File "/usr/share/rhsm/subscription_manager/managercli.py", line 871, in _do_command if ConsumerIdentity.existsAndValid(): File "/usr/share/rhsm/subscription_manager/certlib.py", line 364, in existsAndValid cls.read() File "/usr/share/rhsm/subscription_manager/certlib.py", line 352, in read return ConsumerIdentity(key, cert) File "/usr/share/rhsm/subscription_manager/certlib.py", line 376, in __init__ self.x509 = create_from_pem(certstring) File "/usr/lib64/python2.4/site-packages/rhsm/certificate.py", line 64, in create_from_pem return _CertFactory().create_from_pem(pem) File "/usr/lib64/python2.4/site-packages/rhsm/certificate2.py", line 69, in create_from_pem return self._read_x509(_certificate.load(pem=pem), path) File "/usr/lib64/python2.4/site-packages/rhsm/certificate2.py", line 73, in _read_x509 raise CertificateException("Error loading certificate") CertificateException: Error loading certificate
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Borderline scenario, but you're right, it worked better in 6.3 so we'll restore it. Fixed in subscription-manager.git master: dfe3008b4b49b168e9387a3e4491621e31e423c4 Will appear in 1.0.12.
verified using following rpm subscription-manager-gui-1.0.14-1.git.20.7e3f72a.el5 subscription-manager-migration-data-1.11.2.3-1.git.0.861f9ba.el5 subscription-manager-firstboot-1.0.14-1.git.20.7e3f72a.el5 subscription-manager-migration-1.0.14-1.git.20.7e3f72a.el5 subscription-manager-1.0.14-1.git.20.7e3f72a.el5 [root@localhost ~]# subscription-manager identity Current identity is: 2924d660-988d-4f36-b62c-0836eb5fc0ae name: localhost.localdomain org name: Admin Owner org id: 8ac141cc395432790139543296d000a5 [root@localhost ~]# openssl x509 -noout -text -in /etc/pki/consumer/cert.pem > /tmp/stdout; mv -f /tmp/stdout /etc/pki/consumer/cert.pem [root@localhost ~]# [root@localhost ~]# [root@localhost ~]# sub sub2po subscription-manager subscription-manager-gui [root@localhost ~]# subscription-manager register --consumerid 2924d660-988d-4f36-b62c-0836eb5fc0ae --username testuser1 --password password --force The system has been registered with id: 2924d660-988d-4f36-b62c-0836eb5fc0ae successfully registered using force option Working fine resolving defect as verified
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0033.html