Chapter 9. Identity Certificates

The Identity Certificate Management screen is used to create new entitlement certificates and configuration RPMs.
An identity certificate is used by Red Hat Update Infrastructure to authenticate the CDS to the RHUA and secure the communication between them. Entitlement certificates grant a client access to a specific set of entitled repositories, but the RHUA monitoring functionality and the load balancer require access to all repositories in the system. The identity certificate can be used to identify each component as part of Red Hat Update Infrastructure, so that the entitlement-checking procedure will not deny it access.
An identity certificate is generated for you the first time you use RHUI Manager. When the identity certificate generated by that process expires, you will need to regenerate the certificate in order to continue using Red Hat Update Infrastructure.
Only one identity certificate is needed for the entire infrastructure. The same certificate is used by both the RHUA and the load balancer.
To access the Identity Certificate Management screen, go to the Home screen and type i at the prompt:
------------------------------------------------------------------------------
             -= Red Hat Update Infrastructure Management Tool =-


-= Identity Certificate Management =-

   g   generate a new identity certificate

                                                           Connected: rhua.example.com
------------------------------------------------------------------------------
rhui (client) =>

Procedure 9.1. Generate a New Identity Certificate

  1. From the Identity Certificate Management screen, type g at the prompt to generate a new identity certificate:
    rhui (client) => g
    
  2. Confirm that the new identity certificate will over-write the existing certificate by typing y at the prompt:
    Generating a new RHUI identity certificate will replace 
    the one currently stored at /etc/pki/rhui/identity.crt.  Proceed? [y/n]: y
    
  3. Enter the number of days that the identity certificate should be valid for. If left blank, this field will default to 3650 (ten years):
    		Enter the number of days the RHUI identity certificate will be valid.  
    If the identity certificate ever expires, it will need to be 
    regenerated using rhui-manager [Default: 3650]:
    
  4. The new identity certificate will be created. You should restart the service to pick up the changes:
    ...............+++
    .........+++
    Successfully regenerated RHUI Identity certificate