To regenerate the system's identity certificate (meaning it is revoked and replaced), use the identity command.
Although credentials are not normally required with the identity command, using the --force option will require the username and password and will cause the Subscription Manager to prompt for the credentials if they are not passed in the command. This can be helpful if the identity certificate needs to be regenerated using a different Red Hat account than the original registration.
[root@server1 ~]# subscription-manager identity --regenerate --force
Username: js firstname.lastname@example.org
Identity certificate has been regenerated.