How to register and subscribe a system offline to the Red Hat Customer Portal?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Subscription Management (RHSM)
  • Red Hat Customer Portal

Issue

  • How to offline register a new Red Hat Enterprise Linux system to the Customer Portal?
  • How to register a system that is not connected to the internet?
  • How to register a disconnected system?
  • How to manually register a system to the Customer Portal?
  • How to create a system profile in Red Hat Subscription Management?
  • Subscription-manager list commands shows status as "Unknown" after registering systems offline
  • Subscription-manager status displays error message "Unknown" even importing the correct certificates

Resolution

  • To register an "offline" or "air-gapped" system, you need to manually create a system profile using Red Hat Subscription Management (RHSM) in the Customer Portal. This profile serves as a placeholder and will not be connected to your actual system.

    1. Create a system profile: From the Systems page in RHSM, click the New button. Provide the required information to finish creating the new system profile.

    2. Attach subscriptions: In your newly created system profile, click the Subscriptions tab, and attach any subscriptions you want to use with the system.

    3. Download and import the entitlement certificate(s): From the "Subscriptions" tab on your system profile, click Download Certificates to download the entitlement certificate(s) for attached subscriptions. The downloaded archive will be in zip format and will be named similar to 'aaaa1111-bb22-cc33-dd44-eeeeee555555_certificates.zip'.

    # unzip -l d01bcb4f-8d59-433f-xxxx-0612dd2266db_certificates.zip 
    Archive:  d01bcb4f-8d59-433f-xxxx-0612dd2266db_certificates.zip
    signed Candlepin export for d01bcb4f-8d59-433f-xxxx-0612dd2266db
    Length      Date    Time    Name
    ---------  ---------- -----   ----
      18091  05-07-2018 14:35   consumer_export.zip
        512  05-07-2018 14:35   signature
    ---------                     -------
      18603                     2 files
    
    # unzip  d01bcb4f-8d59-433f-xxxx-0612dd2266db_certificates.zip
    
  • This archive will contain another archive named 'consumer_export.zip'. Extract the content and in the ./export/entitlement_certificates/ folder you will find your certificate(s) in PEM format.

    # unzip -l consumer_export.zip 
    Archive:  consumer_export.zip
    Candlepin export for d01bcb4f-8d59-433f-xxxx-0612dd2266db
    Length      Date    Time    Name
    ---------  ---------- -----   ----
      23619  05-07-2018 14:35   export/entitlement_certificates/xxxx.pem
        137  05-07-2018 14:35   export/meta.json
    ---------                     -------
      23756                     2 files
    
    # unzip  consumer_export.zip
    
  • Move these to the client system's /tmp directory.


    # subscription-manager import --certificate=/tmp/Name_Of_Downloaded_Entitlement_Cert.pem e.g. : # subscription-manager import --certificate=/tmp/xxxx.pem
  • This completes the registration of the offline system.

  • You can verify that entitlement certificates were successfully imported by reviewing: # subscription-manager list --consumed

Note:

When you register an online system via # subscription-manager register, it automatically creates a connected profile on the Customer Portal, whereas in offline registration, you are manually creating a disconnected profile on the Portal.

After following this procedure, your system profile in the Customer Portal will show a subscription status "Unknown" and the command # subscription-manager status will output "Unknown." This is the expected behavior. For more information, see https://access.redhat.com/solutions/2158251

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

14 Comments

Could you please add a method to import a spreadsheet of air-gapped systems, with socket, platform, processor, and subscription to associate with? Manually doing each system is tedious.

i have subscribed this certificate but after download receive file in PEM not zip. kindly advise.

Followed these instructions, said it created the files in the export folder, but there is no export solder to be found.

This documentation outdated.

While trying to move the extracted file to client system getting an error after the below command e.g # subscription-manager import --certificate=/tmp/936605213211386925.pem

Error:936605213211386925.pem: file not found Kindly let me knowwhat can be the issue

Does this same procedure work for RHEL8.1?

Hi Scott,

Yes, it is the same for RHEL 8.1.

Seems not to work for developer subscriptions. The "Create" button simply does not activate. Or am I missing something?

I believe that this should work no differently, you may want to check the permissions for your user on the account via: https://www.redhat.com/wapps/ugc/protected/usermgt/userList.html

Thanks a bunch Craig, Thank you for your reply. It turns out that the portal page now works and enables the creation of offline systems without need to add an user. I have a developer subscription I wanted to test the procedure with and finally managed to download and deploy the certificate today. Yesterday the "create" button refused to activate.

Is there a way to automate this tasks? For example with Ansible?

hello, I followed the instructions to apply the cert to an air-gapped system. When I try the manual import, I receive an error "xxxxxx.pem is not a valid certificate file. Please use a valid certificate."

When I look at the pem file I can see the cert and key in it.

I had old certs in the /etc/pki/entitlement and /etc/pki/consumer directories that I removed.

Still have errors

I was using the ID cert instead of the subscription cert. The subscription cert is working

Hi All,

When I hit subscription-manager import --certificate=/tmp/xxxx.pem command, It says "cannot parse argument"

Have anyone faced this issue ?