RHEL Subscription Managment and PKI

Latest response

Hi all,

Just a quick query regarding the certificates in /etc/pki/consumer.

I understand that they are related to the Subscription manager as this page has a description on them (https://access.redhat.com/articles/433903).

/etc/pki/consumer
When you register your system (subscription-manager register), the cert.pem and key.pem files are added to this directory. Those files are removed when you unregister (subscription-manager unregister).

We run AIDE on our systems and these files changed without user input, and as a result this triggered an AIDE warning.

Are these certificates expected to change randomly, or is their a trigger for it?

I can see my certificate is no expected to expire on Jun 13 11:26:18 2018 GMT - Is the the next time i would expect these certificates to change?

Thanks for any info!

Responses

Hi Matt,

I believe these certificates are valid for a year and renew automatically. /etc/cron.daily/rhsmd and /usr/libexec/rhsmd run daily checks for subscription validity/expiration and write errors to syslog.

Red Hat Subscription Manager Configuration Files

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.