4.5. Viewing certificate information using the rct tool

The rct tool performs two tasks:
  • Displays the size and statistics of the certificate information (stat-cert).
  • Displays information (headers) contained within the certificate, such as product or content set information (cat-cert).
The precise details returned by either command depend on the type of certificate being checked.
Large accounts and organizations can have a large number of products and subscriptions, in multiple orders. This results in a very large number of products and content sets available to the organization, and all of the information is defined in the entitlement certificate.
The main reason to view certificate statistics is that certificate sizes, for a number of reasons, impact content delivery service performance. Older versions of entitlement certificates (version 1.0) used different, less efficient DER encoding, so that large amounts of information results in very large certificates. (This could cause timeouts or crashes when dealing with content services. Newer entitlement certificate versions (version 3.0) use more efficient encoding on large content sets, which improves overall subscription service performance.
A large number of content sets is anything over 185 total sets. Both the total number of content sets and the size of the DER encoding in the certificate could affect performance.
This information is displayed using the stat-cert command and specifying the PEM file of the certificate to check:
# rct stat-cert /path/to/PEM_FILE