Any Subscription-manager command throws Error: System certificates corrupted. Please reregister.

Solution Verified - Updated

Environment

  • Red Hat Satellite 6
  • Red Hat Enterprise Linux
    • 7.7
    • 8.x

Issue

  • Any subscription-manager command throws Error: System certificates corrupted. Please reregister.

        # subscription-manager clean
    All local data removed
    System certificates corrupted. Please reregister.

    # subscription-manager register
    System certificates corrupted. Please reregister

Resolution

  • Move any other .pem file from /etc/pki/product/ directory.
# mv /etc/pki/product/*.pem /tmp
# rm -f /etc/pki/product/*

For more KB articles/solutions related to Red Hat Satellite 6.x Client Subscription Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Client Subscription Issues

Root Cause

  • katello-server-ca certificate has expired on the client.

Diagnostic Steps

  • Following error is noticed in rhsm.log file:
 2022-12-02 04:57:05,314 [ERROR] subscription-manager:1539345:MainThread @managercli.py:555 - Error loading certificate: /etc/pki/product/.pem
 2022-12-02 05:02:06,507 [ERROR] yum:1540154:MainThread @subscription-manager.py:90 - Error loading certificate: /etc/pki/product/.pem
  • Check if the katello-server-ca certificate has expired on the impacted client:
# openssl crl2pkcs7 -nocrl -certfile  /etc/rhsm/ca/katello-server-ca.pem  | openssl pkcs7 -text -print_certs |grep -iE "Serial Number:|Issuer:|Subject:|Not After :|serial:|X509v3 Authority Key Identifier:|X509v3 Subject Key Identifier:" -A 2
SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.