The products that are installed on a system through the subscriptions attached to a system are identified by certificates. When an available product is installed, the subscription service generates a product certificate, which contains the information about the product contract and the specific installation.
Structurally, subscription certificates and product certificates are very similar, because they both provide much of the same information about products. The main difference is that a product certificate contains information about a single product that has been installed, so no other subscription information (like other available products or other product versions) is included in a product certificate the way that it is in a subscription certificate.
A product certificate contains a single product namespace (meaning, a single product definition) which shows only what is actually installed on the system. The architecture and version definitions in a product certificate reflect the architecture and version of the product that is actually installed.
The product certificate is a
*.pem file stored in the subscription certificates directory,
/etc/pki/product/product_serial#.pem. The name of the
*.pem file is a numeric identifier that is generated by the subscription service. As with subscription tracking, the generated ID is an inventory number, used to track installed products and associate them with systems within the subscription service.