4.2. Updating subscription certificates

A subscription certificate represents a subscription that has been attached to a given system. It includes all of the products which are included in the subscription for service and support, the subscription start and end dates, and the number of subscriptions included for each product. A subscription certificate does not list products that are currently installed on the system; rather, it lists all products that are available to the system.
The subscription certificate is an X.509 certificate and is stored in a base 64-encoded blob in a .pem file.
When a subscription expires or is changed, then the subscription certificate must be updated to account for the changes. The Red Hat Subscription Manager polls the subscription service periodically to check for updated subscription certificates; this can also be updated immediately or pulled down from the Customer Portal. The subscription certificates are updated by revoking the previous subscription certificate and generating a new one to replace it.
  1. Download the certificate(s) you need to update as described in Section 4.1, “Importing subscription certificates”.
  2. Use the refresh command:
    [root@server1 ~]# subscription-manager refresh