Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 7. Client Entitlements

The Create Certificates and Configuration RPMs screen is used to create new entitlement certificates and configuration RPMs.
When Red Hat issues the original entitlement certificate, it will grant access to the repositories you requested. When you create client entitlement certificates, you will need to decide how to sub-divide your clients, and create a separate certificate for each one. Each certificate can then be used to create individual RPMs for installation on the appropriate guest images. For example, you might create separate certificates for clients that require access to Red Hat Enterprise Linux 5 and those that require access to Red Hat Enterprise Linux 5 and JBoss channels.
To access the Create Certificates and Configuration RPMs screen, go to the Home screen and type e at the prompt: 
------------------------------------------------------------------------------
             -= Red Hat Update Infrastructure Management Tool =-


-= Client Entitlement Management =-

   e   generate an entitlement certificate
   c   create a client configuration RPM from an entitlement certificate

                                                           Connected: rhua.example.com
------------------------------------------------------------------------------
rhui (client) =>
Copy to Clipboard

Procedure 7.1. Generate an Entitlement Certificate

  1. From the Create Certificates and Configuration RPMs screen, type e at the prompt to generate a new Red Hat entitlement certificate: 
    rhui (client) => e
    Copy to Clipboard
  2. A list of all available repositories will be displayed. This includes all custom repositories, and all products that have been granted entitlements in the content certificate that Red Hat granted. Select which repositories to include in the entitlement certificate by typing the number of the repository at the prompt. Typing the number of a repository will place a checkmark next to the name of that repository. Continue until all repositories you wish to add have been checked, and then type c at the prompt to confirm.
    Repositories that are shown with an asterisk (*) indicates that they are deployed in the RHUI. 
    Select one or more repositories to include in the entitlement certificate:
(an * next to a Red Hat repository indicates it is deployed in the RHUI)

  Custom Repositories
    -  1 : /protected/$basearch/os
             Repo 1
             Repo 2

  Red Hat Repositories
    -  2 : Red Hat Enterprise Linux Server (RPMs)
    -  3 : Red Hat Enterprise Linux Server (SRPMS)
    -  4 : Red Hat Enterprise Linux Server (STS)
    -  5 : Red Hat Enterprise Linux Server 6 Optional Releases (RPMs)
    -  6 : Red Hat Enterprise Linux Server 6 Optional Releases (SRPMS)
    -  7 : Red Hat Enterprise Linux Server 6 Optional Updates (RPMs)
    -  8 : Red Hat Enterprise Linux Server 6 Optional Updates (SRPMS)
    -  9 : Red Hat Enterprise Linux Server 6 Releases (RPMs)
    -  10: Red Hat Enterprise Linux Server 6 Releases (SRPMS)
    -  11: Red Hat Enterprise Linux Server 6 Updates (RPMs)
    -  12: Red Hat Enterprise Linux Server 6 Updates (SRPMS)
    -  13: Red Hat Update Infrastructure 1.2 (RPMs) *
    -  14: Red Hat Update Infrastructure 1.2 (SRPMS) *

Enter value from (1-14) to toggle selection, 'c' to confirm selections, or '?'
for more commands: 1

Select one or more repositories to include in the entitlement certificate:
(an * next to a Red Hat repository indicates it is deployed in the RHUI)

  Custom Repositories
    x  1 : /protected/$basearch/os
             Repo 1
             Repo 2

  Red Hat Repositories
    -  2 : Red Hat Enterprise Linux Server (RPMs)
    -  3 : Red Hat Enterprise Linux Server (SRPMS)
    -  4 : Red Hat Enterprise Linux Server (STS)
    -  5 : Red Hat Enterprise Linux Server 6 Optional Releases (RPMs)
    -  6 : Red Hat Enterprise Linux Server 6 Optional Releases (SRPMS)
    -  7 : Red Hat Enterprise Linux Server 6 Optional Updates (RPMs)
    -  8 : Red Hat Enterprise Linux Server 6 Optional Updates (SRPMS)
    -  9 : Red Hat Enterprise Linux Server 6 Releases (RPMs)
    -  10: Red Hat Enterprise Linux Server 6 Releases (SRPMS)
    -  11: Red Hat Enterprise Linux Server 6 Updates (RPMs)
    -  12: Red Hat Enterprise Linux Server 6 Updates (SRPMS)
    -  13: Red Hat Update Infrastructure 1.2 (RPMs) *
    -  14: Red Hat Update Infrastructure 1.2 (SRPMS) *

Enter value from (1-14) to toggle selection, 'c' to confirm selections, or '?'
for more commands: 13-14

Select one or more repositories to include in the entitlement certificate:
(an * next to a Red Hat repository indicates it is deployed in the RHUI)

  Custom Repositories
    x  1 : /protected/$basearch/os
             Repo 1
             Repo 2

  Red Hat Repositories
    -  2 : Red Hat Enterprise Linux Server (RPMs)
    -  3 : Red Hat Enterprise Linux Server (SRPMS)
    -  4 : Red Hat Enterprise Linux Server (STS)
    -  5 : Red Hat Enterprise Linux Server 6 Optional Releases (RPMs)
    -  6 : Red Hat Enterprise Linux Server 6 Optional Releases (SRPMS)
    -  7 : Red Hat Enterprise Linux Server 6 Optional Updates (RPMs)
    -  8 : Red Hat Enterprise Linux Server 6 Optional Updates (SRPMS)
    -  9 : Red Hat Enterprise Linux Server 6 Releases (RPMs)
    -  10: Red Hat Enterprise Linux Server 6 Releases (SRPMS)
    -  11: Red Hat Enterprise Linux Server 6 Updates (RPMs)
    -  12: Red Hat Enterprise Linux Server 6 Updates (SRPMS)
    x  13: Red Hat Update Infrastructure 1.2 (RPMs) *
    x  14: Red Hat Update Infrastructure 1.2 (SRPMS) *

Enter value from (1-14) to toggle selection, 'c' to confirm selections, or '?'
for more commands: c
    Copy to Clipboard
  3. Enter a name for the certificate. This name is used to identify the certificate within RHUI Manager, and is also used to generate the name of the certificate and key files. 
    Name of the certificate. This will be used as the name of the certificate file
(name.crt) and its associated private key (name.key). Choose something that
will help identify the products contained with it:
rhui_and_custom
    Copy to Clipboard
  4. Enter a path to save the certificate to. Leave the field blank to save to the current working directory: 
    Local directory in which to save the generated certificate [current directory]:
/tmp/certs
    Copy to Clipboard
  5. Enter the number of days the certificate should be valid for. Leave the field blank for 365 days: 
    Number of days the certificate should be valid [365]:
    Copy to Clipboard
  6. The details of the repositories to be included in the certificate will be displayed. Type y at the prompt to confirm the information and create the entitlement certificate.
    If your CA private key requires a pass phrase to sign certificates, enter it at the prompt. 
    Repositories to be included in the entitlement certificate:

  Custom Entitlements
    /protected/$basearch/os

  Red Hat Repositories
    Red Hat Update Infrastructure 1.2 (RPMs)
    Red Hat Update Infrastructure 1.2 (SRPMS)

Proceed? (y/n) y

......+++
..+++
Enter pass phrase for /etc/pki/rhui/entitlement-ca-key.pem:
Entitlement certificate created at /tmp/certs/rhui_and_custom.crt

------------------------------------------------------------------------------
rhui (client) =>
    Copy to Clipboard

Procedure 7.2. Create a Client Configuration RPM

  1. From the Create Certificates and Configuration RPMs screen, type c at the prompt to create a client configuration RPM: 
    rhui (client) => c
    Copy to Clipboard
  2. Enter a path to a local directory to save the configuration files to. Leave the field blank to save to the current working directory: 
    Local directory in which the client configuration files generated by this tool
should be stored (if this directory does not exist, it will be created):
/tmp/test-client
    Copy to Clipboard
  3. Enter a name for the RPM. Do not specify the .rpm extension: 
    Name of the RPM:
test-client
    Copy to Clipboard
  4. Enter a version number for the configuration RPM. Leave the field blank to use version 2.0: 
    Version of the configuration RPM [2.0]:
    Copy to Clipboard
  5. Enter the full path to the entitlement certificate to be used (the entitlement certificate is generated in Procedure 7.1, “Generate an Entitlement Certificate”): 
    Full path to the entitlement certificate authorizing 
the client to access specific channels:
/tmp/certs/rhui_and_custom.crt
    Copy to Clipboard
  6. Enter the full path to the private key to be used with the entitlement certificate (the private key is generated in Procedure 7.1, “Generate an Entitlement Certificate”): 
    Full path to the private key for the above entitlement certificate:
/tmp/certs/rhui_and_custom.key
    Copy to Clipboard
  7. Enter the full path to the CA certificate that was used to sign the CDS SSL certificates. This is used by yum on the client, when it attempts to connect to the CDS: 
    Full path to the CA certificate used to sign the CDS SSL certificate:
/etc/pki/rhui/entitlement-ca.crt
    Copy to Clipboard
  8. All CDS instances are able to function as load balancers. You will be required to nominate one CDS as a primary load balancer, however if that CDS becomes unavailable, or is unable to function as a load balancer, load balancing tasks will fall to the other available CDS instances. Select a CDS instance to be the primary load balancer for the client: 
    Select the CDS instance that should be the primary load balancer for the
client. All other CDS instances will be listed as back up load balancers
in the client's mirror list:

  1  - cds-1.example.com
  2  - cds-2.example.com
Enter value (1-2) or 'b' to abort: 2
    Copy to Clipboard
    A list of the CDS instances to be used for load balancing will be displayed, in priority order: 
    Load Balancer Order:
  cds-2.example.com
  cds-1.example.command
    Copy to Clipboard
  9. A list of all unprotected repositories will be displayed. Select which repositories (if any) to include in the RPM by typing the number of the repository at the prompt. Typing the number of a repository will place a checkmark next to the name of that repository. Continue until all repositories you wish to add have been checked, and then type c at the prompt to confirm. If you don't want to add any repositories to the RPM, leave all repositories unchecked and type c at the prompt to confirm.
    Unprotected repositories that are added to the RPM will be included in the generated .repo file, along with the repository definitions for all entitlements included in the certificate. 
    Select any unprotected repositories to be included in the client configuration:
  -  1 : Unprotected Repo 1
Enter value from (1-1) to toggle selection, 'c' to confirm selections, or '?'
for more commands: 1

Select any unprotected repositories to be included in the client configuration:
  x  1 : Unprotected Repo 1
Enter value from (1-1) to toggle selection, 'c' to confirm selections, or '?'
for more commands: c
    Copy to Clipboard
  10. The client configuration RPM will be created, and the location of the file displayed: 
    Successfully created client configuration RPM.
RPMs can be found at /tmp/test-client

------------------------------------------------------------------------------
rhui (client) =>
    Copy to Clipboard
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat