Bug 862909 - [RFE] rct tool man page
[RFE] rct tool man page
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: subscription-manager (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Adrian Likins
: FutureFeature, ManPageChange
Depends On:
Blocks: 771481
  Show dependency treegraph
Reported: 2012-10-03 16:54 EDT by Bryan Kearney
Modified: 2013-02-21 03:56 EST (History)
3 users (show)

See Also:
Fixed In Version: subscription-manager-1.1.8-1
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-02-21 03:56:53 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bryan Kearney 2012-10-03 16:54:00 EDT
the rct tool should have a man page.
Comment 2 Deon Ballard 2012-11-10 18:59:26 EST
Committed to master:
Comment 5 Adrian Likins 2012-11-12 16:29:58 EST
added to build/spec file

commit e32d8f0a15f67ec9ea2ec9e844a671890a4c6cd1
Author: Adrian Likins <alikins@redhat.com>
Date:   Mon Nov 12 16:23:38 2012 -0500

    862909: install rct man page
Comment 7 John Sefler 2012-11-17 22:29:38 EST
Verifying Version...
[root@jsefler-6 ~]# rpm -q subscription-manager

[root@jsefler-6 ~]# man -P cat rct
rct(8)                   Certificate Information Tool                   rct(8)

       rct  - Displays information (headers) about or size and statistics of a
       entitlement, product, or identity certificate used by Red Hat Subscrip-
       tion Manager.

       rct  cat-cert  [--no-content]  [--no-products] /path/to/certificate.pem
       rct stat-cert /path/to/certificate.pem

       Red Hat Subscription Manager uses X.509 certificates to identify a reg-
       istered  system  (identity certificate), the products installed on that
       system (product certificates), and the subscriptions  attached  to  the
       system  (entitlement certificates), including available content reposi-
       tories, products, and support levels. All of the information that  Sub-
       scription Manager requires is contained in the body of the certificate.

              Prints the size of the certificate and other details  about  the
              certificate.  The precise details depend on the type of certifi-
              cate being checked.

              Prints the information that  is  contained  in  the  certificate
              itself,  such  as the certificate headers, serial numbers, prod-
              ucts, and content sets. Two options, --no-content and --no-prod-
              ucts,  can  be used to shorten the output to include only header
              and descriptive information.

       The rct tool is used to gather  information  about  the  already-issued
       certificates  being  used  by Subscription Manager. The main reason for
       that is that certificate sizes, for a number of reasons, impact content
       delivery  service  performance. New certificate version (3.0 and later)
       use more efficient encoding, resulting in smaller  certificate  content
       sizes  and  better  performance. If there are problems with the content
       service timing out or returning errors, then the rct stat-cert  command
       can  be  used to check the size and version of a given entitlement cer-
       tificate quickly.

       This command has no options.

       For large accounts and organizations, there can be a very large  number
       of  products  and content sets available. Older versions of entitlement
       certificates (version 1.0) used different (less efficient)  DER  encod-
       ing,  so  that  large amounts of information results in very large cer-
       tificates. (This is what caused timeouts or crashes when  dealing  with
       some content services.) Newer entitlement certificate versions (version
       3.0) use more efficient encoding on large content sets, which  improves
       overall subscription service performance.

       A  large  number  of content sets is anything over 185 total sets. Both
       the total number of content sets and the size of the  DER  encoding  in
       the certificate could affect performance.

       The  statistics  for  an entitlement certificate show both the DER size
       and the number of content sets, among other information: * Type  (enti-
       tlement certificate)

              *  Version  (of  the  certificate style); newer versions will be
              3.x, with better performance for handling large content sets

              * DER size, which gives the size  of  the  certificate  contents
              (not the size of the certificate file itself)

              * Key size, for the associated key file, in bytes

              * The total number of available content sets in the subscription

       For example:
              [root@server ~]# rct stat-cert /etc/pki/entitlement/2027912482659389239.pem
              Type: Entitlement Certificate
              Version: 1.0
              DER size: 47555b
              Subject Key ID size: 553b
              Content sets: 100

       While the size of the certificate is less of an issue for identity  and
       product certificates (which are quite small), the stat-cert command can
       still be used to view the size and statistics of the certificates.

       For a product certificate, the stat-cert command shows:

              * Type (product certificate)

              * Version (of the certificate style)

              * DER size, which gives the size  of  the  certificate  contents
              (not the size of the certificate file itself)

       For example:
              [root@server ~]# rct stat-cert /etc/pki/product/69.pem
              Type: Product Certificate
              Version: 1.0
              DER size: 1558b

       For an identity certificate:

              * Type (identity certificate)

              * Version (of the certificate style)

              *  DER  size,  which  gives the size of the certificate contents
              (not the size of the certificate file itself)

              * Key size, for the associated key file, in bytes

       For example:
              [root@server ~]# rct stat-cert /etc/pki/consumer/cert.pem
              Type: Identity Certificate
              Version: 1.0
              DER size: 1488b
              Subject Key ID size: 20b

       Each certificate contains a complete set of information  that  contains
       all  of  the  details  for  whatever  element is being identified. That
       information can be displayed, in pretty-print form, using the  cat-cert

       The  most  basic  information  is the information about the certificate
       its, such as its directory path, its serial umber and subject name, and
       its  validity  period  (start and end dates). The information about the
       certificate itself is in the Certificate section:

              * Path -- the  filesystem  location  where  the  certificate  is

              * Version -- the certificate format version

              * Serial -- the serial number for the certificate

              * Start/End Date -- the validity period for the certificate

              * Alt Name -- the subject alternative name, which uses the host-
              name of the system rather than the UUID (for  identity  certifi-
              cates only)

       The Subject DN of the certificate is in the Subject section.

       For example, for the identity certificate:
              [root@server ~]# rct cat-cert /etc/pki/consumer/cert.pem

                      Identity Certificate

                      Path: /etc/pki/consumer/cert.pem
                      Version: 1.0
                      Serial: 824613308750035399
                      Start Date: 2012-11-09 16:20:22+00:00
                      End Date: 2013-11-09 16:20:22+00:00
                      Alt Name: DirName:/CN=server.example.com

                      CN: e94bc90e-44a1-4f8c-b6fc-0a3e9d6fac2b

       A product certificate contains additional information in a Product sec-
       tion, which defines the information for the specific installed product,
       such as its name, product version, and any yum tags used for that prod-
       uct. For example:
              [root@server ~]# rct cat-cert /etc/pki/product/69.pem

                      Product Certificate

                      Path: /etc/pki/product/69.pem
                      Version: 1.0
                      Serial: 12750047592154746449
                      Start Date: 2012-10-04 18:45:02+00:00
                      End Date: 2032-09-29 18:45:02+00:00

                      CN: Red Hat Product ID [b4f7ac9e-b7ed-45fa-9dcc-323beb20e916]

                      ID: 69
                      Name: Red Hat Enterprise Linux Server
                      Version: 6.4
                      Arch: x86_64
                      Tags: rhel-6,rhel-6-server

       The most information is contained in the entitlement certficate.  Along
       with  the  Certificate  and Subject, it also has a Product section that
       defines the product group that is covered by the subscription.

       Then, it contains an Order section that details everything  related  to
       the  purchase of the subscription (such as the contract number, service
       level, total quantity, quantities assigned to  the  system,  and  other
       details on the subscription).

       A  subscription  for  a  product covers the version purchased and every
       previous version of the product. For example, when  a  subscription  is
       purchased  for  Red Hat Enterprise Linux 6.4, the subscription provides
       full access to all RHEL 6 repositories,  plus  access  to  all  RHEL  5
       repositories and then other included product content repositories, like
       Subscription Asset Manager. Every available content repository is lised
       in  a  Content  section  that  contains the repository name, associated
       tags, its URL, and a notice on whether the yum repository is enabled by
       default. For example:
              [root@server ~]# rct cat-cert /etc/pki/entitlement/2027912482659389239.pem
                      Entitlement Certificate

                      Path: /etc/pki/entitlement/2027912482659389239.pem
                      Version: 1.0
                      Serial: 2027912482659389239
                      Start Date: 2011-12-31 05:00:00+00:00
                      End Date: 2012-12-31 04:59:59+00:00

                      CN: 8a99f9843adc8b8f013ae5f9de022b73

                      ID: 69
                      Name: Red Hat Enterprise Linux Server
                      Arch: x86_64,ia64,x86

                      Name: Red Hat Enterprise Linux Server, Premium (8 sockets) (Up to 4 guests)
                      Number: 2673502
                      SKU: RH0103708
                      Contract: 10011052
                      Account: 5206751
                      Service Level: Premium
                      Service Type: L1-L3
                      Quantity: 100
                      Quantity Used: 1
                      Socket Limit: 8
                      Virt Limit:
                      Virt Only: False
                      Stacking ID:
                      Warning Period: 0
                      Provides Management: 0

                      Type: yum
                      Name: Red Hat Enterprise Linux 6 Server (RPMs)
                      Label: rhel-6-server-rpms
                      Vendor: Red Hat
                      URL: /content/dist/rhel/server/6/$releasever/$basearch/os
                      GPG: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
                      Enabled: True
                      Expires: 86400
                      Required Tags: rhel-6-server

       Using  the  --no-content option when running rct cat-cert with an enti-
       tlement certificate returns all of the certification information, order
       information,  and  product information, but excludes all of the Content
       sections, which significantly reduced the information printed  to  std-
       out. If there are a lot of Product sections, as well, then those can be
       excluded using the --no-product option.

              * Product certificates: /etc/pki/product/*.pem

              * Subscription certificates: etc/pki/entitlement/<serial#>.pem

              * System identity certificates: /etc/pki/consumer/cert.pem

       This tool is part of Red Hat Subscription Manager. To file bugs against
       this command-line tool, go to <https://bugzilla.redhat.com>, and select
       Red Hat > Red Hat Enterprise Linux > subscription-manager.

       Deon Lackey <dlackey@redhat.com>,  Michael  Stead  <mstead@redhat.com>,
       and  James Bowes <jbowes@redhat.com>. The rct tool was written by James

       Copyright (c) 2012 Red Hat, Inc. This is licensed under the GNU General
       Public  License, version 2 (GPLv2). A copy of this license is available
       at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

version 1.0                    November 8, 2012                         rct(8)

VERIFIED: a man page for the rct tool now exists.
Comment 8 John Sefler 2012-11-17 22:38:58 EST
Note: Refinements to the rct man page will be requested by new bugzillas.  This bugzilla was used to include the first version of the rct man page.
Comment 10 errata-xmlrpc 2013-02-21 03:56:53 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.