Show Table of Contents
4.4. Viewing certificate information using the rct tool
The rct tool performs two tasks:
- Displays the size and statistics of the certificate information (stat-cert).
- Displays information (headers) contained within the certificate, such as product or content set information (cat-cert).
The precise details returned by either command depend on the type of certificate being checked.
Large accounts and organizations can have a large number of products and subscriptions, in multiple orders. This results in a very large number of products and content sets available to the organization, and all of the information is defined in the entitlement certificate.
The main reason to view certificate statistics is that certificate sizes, for a number of reasons, impact content delivery service performance. Older versions of entitlement certificates (version 1.0) used different, less efficient DER encoding, so that large amounts of information results in very large certificates. (This could cause timeouts or crashes when dealing with content services. Newer entitlement certificate versions (version 3.0) use more efficient encoding on large content sets, which improves overall subscription service performance.
A large number of content sets is anything over 185 total sets. Both the total number of content sets and the size of the DER encoding in the certificate could affect performance.
This information is displayed using the stat-cert command and specifying the PEM file of the certificate to check:
# rct stat-cert /path/to/PEM_FILE
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.