rhsmcertd man page

rhsmcertd — Periodically scans and updates the entitlement certificates on a registered system.


rhsmcertd [--cert-check-interval=MINUTES] [--auto-attach-interval=MINUTES] [--max-splay-minutes=MINUTES] [--now] [--debug] [--help]

Deprecated usage

rhsmcertd [certInterval autoattachInterval]


Red Hat provides content updates and support by issuing subscriptions for its products. These subscriptions are applied to systems (machines). Red Hat Subscription Manager is a tool which allows administrators to manage those subscriptions by registering systems and people, applying subscriptions, and viewing subscriptions.

When subscriptions are applied to a system or when new subscriptions are available, the subscription management system issues that machine an X.509 certificate which contains all of the details of that subscription. The rhsmcertd process runs periodically to check for changes in the subscriptions available to a machine by updating the entitlement certificates installed on the machine and by installing new entitlement certificates as they're available.

At a defined interval, the process checks with the subscription management service to see if any new subscriptions are available to the system. If there are, it pulls in the associated subscription certificates. If any subscriptions have expired and new subscriptions are available, then the rhsmcertd process will automatically request those subscriptions. By default, the initial checks run are delayed by a random amount of minutes in the range [0,10]. The upper limit of this random delay is configurable with the max-splay-minutes on the command line or by setting the maxSplayMinutes option in /etc/rhsm/rhsm.conf

This rhsmcertd process invokes the rhsmcertd-worker.py script to perform the certificate add and update operations.

Both the certificate interval and the auto-attach interval are configurable and can be reset through the rhsmcertd daemon itself or by editing the Subscription Manager /etc/rhsm/rhsm.conf file.

rhsmcertd is started with the machine, by default, and is always running in the background.


-h, --help

Prints the specific help information for the given command.

-d, --debug

Records more verbose output to the /var/log/rhsm/rhsmcertd.log log file.

-n, --now

Runs the rhsmcertd scan immediately, rather than waiting for the next scheduled interval.

-c, --cert-check-interval=MINUTES

Resets the interval for checking for new subscription certificates. This value is in minutes. The default is 240, or four hours. This interval is in effect until the daemon restarts, and then the values in the /etc/rhsm/rhsm.conf file are used (unless the argument is passed again).

-i, --auto-attach-interval=MINUTES

Resets the interval for checking for and replacing expired subscriptions. This value is in minutes. The default is 1440, or 24 hours. This interval is in effect until the daemon restarts, and then the values in the /etc/rhsm/rhsm.conf file are used (unless the argument is passed again).

-m, --max-splay-minutes=MINUTES

Sets the maximum time to offset the checks done by this tool. This value is in minutes. The default value is 10. It may be useful in large deployments to increase this value to reduce peak load on the entitlement server these systems are registered to. Setting this value to 0 effectively turns off this feature. This interval is in effect until the daemon restarts, and then the values in the /etc/rhsm/rhsm.conf file are used (unless the argument is passed again).

Usage Examples


Be sure to stop the running rhsmcertd daemon before making any configuration changes, or the new configuration is not applied.

Resetting the Certificate Scan Interval

service rhsmcertd stop
rhsmcertd --cert-check-interval=240

Running Certificate and Healing Scans Immediately

Normally, the certificate and auto-attach scans are run periodically, on a schedule defined in the rhsmcertd configuration. The scans can be run immediately -- which is useful if an administrator knows that there are new subscriptions available -- and then the scans resume their schedules.

service rhsmcertd stop
rhsmcertd -n

Deprecated Usage

rhsmcertd used to allow the certificate and auto-attach intervals to be reset simply by passing two integers as arguments.

rhsmcertd certInterval autoAttachInterval

For example:

service rhsmcertd stop
rhsmcertd 180 480

This usage is still allowed, but it is deprecated and not recommended.

Associated Files

* /usr/share/rhsm/certmgr.py

* /etc/rhsm/rhsm.conf

* /var/log/rhsm/rhsmcertd.log


This daemon is part of Red Hat Subscription Manager. To file bugs against this daemon, go to https://bugzilla.redhat.com, and select Red Hat > Red Hat Enterprise Linux > subscription-manager.


Deon Lackey, <dlackey@redhat.com> and Jeff Ortel, <jortel@redhat.com>. rhsmcertd was written by Jeff Ortel.

Referenced By

rhsmcertd_selinux(8), rhsm.conf(5).

Subscription Management