How to register and subscribe a system offline to the Red Hat Customer Portal?


Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Subscription Management (RHSM)
  • Red Hat Customer Portal

Issue

  • How to offline register a new Red Hat Enterprise Linux system to the Customer Portal?
  • How to register a system that is not connected to the internet?
  • How to register a disconnected system?
  • How to manually register a system to the Customer Portal?
  • How to create a system profile in Red Hat Subscription Management?
  • The subscription-manager list command shows the status as "Unknown" after registering systems offline
  • subscription-manager status displays the error message "Unknown" even after importing the correct certificates

Resolution

  • To register an "offline" or "air-gapped" system, you need to manually create a system profile using Red Hat Subscription Management (RHSM) in the Customer Portal. This profile serves as a placeholder and will not be connected to your actual system.

    1. Create a system profile: From the Systems page in RHSM, click the New button. Provide the required information to finish creating the new system profile.

    2. Attach subscriptions: In your newly created system profile, click the Subscriptions tab, and attach any subscriptions you want to use with the system.

    3. Download and import the entitlement certificate(s): From the "Subscriptions" tab on your system profile, click Download Certificates to download the entitlement certificate(s) for attached subscriptions. The downloaded archive is in zip format and has a name similar to 'aaaa1111-bb22-cc33-dd44-eeeeee555555_certificates.zip'.

    # unzip -l d01bcb4f-8d59-433f-xxxx-0612dd2266db_certificates.zip 
    Archive:  d01bcb4f-8d59-433f-xxxx-0612dd2266db_certificates.zip
    signed Candlepin export for d01bcb4f-8d59-433f-xxxx-0612dd2266db
    Length      Date    Time    Name
    ---------  ---------- -----   ----
      18091  05-07-2018 14:35   consumer_export.zip
        512  05-07-2018 14:35   signature
    ---------                     -------
      18603                     2 files
    
    # unzip  d01bcb4f-8d59-433f-xxxx-0612dd2266db_certificates.zip
    
  • This archive will contain another archive named 'consumer_export.zip'. Extract the content and in the ./export/entitlement_certificates/ folder you will find your certificate(s) in PEM format.

    # unzip -l consumer_export.zip 
    Archive:  consumer_export.zip
    Candlepin export for d01bcb4f-8d59-433f-xxxx-0612dd2266db
    Length      Date    Time    Name
    ---------  ---------- -----   ----
      23619  05-07-2018 14:35   export/entitlement_certificates/xxxx.pem
        137  05-07-2018 14:35   export/meta.json
    ---------                     -------
      23756                     2 files
    
    # unzip  consumer_export.zip
    
  • Move these to the client system's /tmp directory, then import them:

    # subscription-manager import --certificate=/tmp/Name_Of_Downloaded_Entitlement_Cert.pem

    For example:

    # subscription-manager import --certificate=/tmp/xxxx.pem

  • This completes the registration of the offline system.

  • You can verify that entitlement certificates were successfully imported by reviewing:

    # subscription-manager list --consumed
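
The import step above, as an added example (not Red Hat's code): a pre-flight check to run on the disconnected client before subscription-manager import. It assumes consumer_export.zip has already been extracted; the function names and the staging directory are hypothetical. It stages each PEM in a directory only its owner can read rather than leaving it in /tmp, because the file carries a private key alongside the certificate.

```shell
#!/bin/sh
# Added example (not Red Hat code). Assumption: consumer_export.zip was
# extracted into <extracted-dir>, giving <extracted-dir>/export/...

# Print every entitlement PEM found under an extracted consumer export.
list_entitlement_pems() {
    find "$1/export/entitlement_certificates" -type f -name '*.pem' 2>/dev/null | sort
}

# Check one PEM before handing it to `subscription-manager import`.
# Return codes: 0 ok, 2 file missing, 3 no certificate block, 4 no private key block.
preflight_pem() {
    [ -f "$1" ] || return 2
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || return 3
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || return 4
    return 0
}

# Copy a checked PEM into a private staging directory (0700, file 0600)
# so the key material is not left world-readable; prints the staged path.
stage_pem() {
    src=$1
    dest_dir=$2
    preflight_pem "$src" || return $?
    ( umask 077 && mkdir -p "$dest_dir" && cp "$src" "$dest_dir/" ) || return 1
    chmod 700 "$dest_dir" && chmod 600 "$dest_dir/$(basename "$src")" || return 1
    printf '%s\n' "$dest_dir/$(basename "$src")"
}

# Stand-alone use: ./preflight.sh <extracted-dir> <staging-dir>
# Prints the import command for each PEM that passes the checks.
if [ "$#" -eq 2 ]; then
    list_entitlement_pems "$1" | while IFS= read -r pem; do
        if staged=$(stage_pem "$pem" "$2"); then
            echo "subscription-manager import --certificate=$staged"
        else
            echo "skipping $pem (preflight code $?)" >&2
        fi
    done
fi
```

Remove the staged copy once subscription-manager list --consumed shows the subscription.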

Note:

When you register an online system via # subscription-manager register, it automatically creates a connected profile on the Customer Portal, whereas in offline registration, you are manually creating a disconnected profile on the Portal.

After following this procedure, your system profile in the Customer Portal will show a subscription status "Unknown" and the command # subscription-manager status will output "Unknown." This is the expected behavior. For more information, see https://access.redhat.com/solutions/2158251


21 Comments

Could you please add a method to import a spreadsheet of air-gapped systems, with socket, platform, processor, and subscription to associate with? Manually doing each system is tedious.

I have subscribed this certificate, but after download I receive the file in PEM, not zip. Kindly advise.

Followed these instructions, said it created the files in the export folder, but there is no export folder to be found.

This documentation is outdated.

While trying to move the extracted file to client system getting an error after the below command e.g # subscription-manager import --certificate=/tmp/936605213211386925.pem

Error:936605213211386925.pem: file not found

Kindly let me know what can be the issue.

Does this same procedure work for RHEL8.1?

Hi Scott,

Yes, it is the same for RHEL 8.1.

Seems not to work for developer subscriptions. The "Create" button simply does not activate. Or am I missing something?

I believe that this should work no differently, you may want to check the permissions for your user on the account via: https://www.redhat.com/wapps/ugc/protected/usermgt/userList.html

Thanks a bunch Craig, Thank you for your reply. It turns out that the portal page now works and enables the creation of offline systems without need to add a user. I have a developer subscription I wanted to test the procedure with and finally managed to download and deploy the certificate today. Yesterday the "create" button refused to activate.

Is there a way to automate these tasks? For example with Ansible?

Hi Mario,
Have you found a solution by any chance, yet?

Looking for a solution, too.

Best regards,
Joerg

hello, I followed the instructions to apply the cert to an air-gapped system. When I try the manual import, I receive an error "xxxxxx.pem is not a valid certificate file. Please use a valid certificate."

When I look at the pem file I can see the cert and key in it.

I had old certs in the /etc/pki/entitlement and /etc/pki/consumer directories that I removed.

Still have errors

I was using the ID cert instead of the subscription cert. The subscription cert is working

Hi All,

When I hit the subscription-manager import --certificate=/tmp/xxxx.pem command, it says "cannot parse argument"

Has anyone faced this issue?

I am using RHEL 8 on VMBOX as guest. My host is Windows. I have a Developer subscription. And I downloaded the necessary files. But I don't know where to put this file on my computer to make it readable by RHEL as a guest OS. If RHEL is guest on Windows, do you know where the tmp file of RHEL is?

Hi Hazal,

If you did not configure the file sharing option of VBox of Oracle on the host between the guest and the host, you need to upload the files to the guest using sftp or scp, e.g. using the winscp program (you have to download and install).

Regards,

Jan Gerrit

Hi Jan, Thank you very much. I will try and update the comment.

Hi Jan,

Is there any way to configure the file sharing option or USB connection of the RHEL guest, way before the subscription? I feel like I am in an endless loop. If there is no way, I connect my computer to the internet someway but first I would like to be sure there is no other option.

Thank you,

Hazal

Hi Hazal,

To get help setting up file sharing between VBOX host (Windows) and RHEL guest, please post your question on the Discussion Forum post.

You can follow the discussion.

Here we confuse people.

Regards,

Jan Gerrit

You are right, thank you again.