4.2. Updating subscription certificates

A subscription certificate represents a subscription that has been attached to a given system. It includes all of the products which are included in the subscription for service and support, the subscription start and end dates, and the number of subscriptions included for each product. A subscription certificate does not list products that are currently installed on the system; rather, it lists all products that are available to the system.
The subscription certificate is an X.509 certificate and is stored in a base 64-encoded blob in a .pem file.
When a subscription expires or is changed, then the subscription certificate must be updated to account for the changes. The Red Hat Subscription Manager polls the subscription service periodically to check for updated subscription certificates and will automatically fetch the updated entitlements from the server and install them on the local system. Occasionally, a user may manage their system’s subscriptions through the Customer Portal and may want to perform an immediate update on their system to reflect the server-side changes. This can be done from the system by running the subscription-manager refresh command. When new entitlements exist on the server, the refresh command will always download the new entitlements. When the entitlements on the server already match those on the local system, the refresh command will simply copy the entitlements. Passing the --force option will cause the old entitlements to be revoked and force the generation of new entitlement serials which are then downloaded to replace the old ones.
  1. Download the certificate(s) you need to update as described in Section 4.1, “Importing subscription certificates”.
  2. Use the refresh --force command:
    [root@server1 ~]# subscription-manager refresh --force