Missing consumer certs on client after fresh server install

Problem:
/etc/pki/consumer/cert.pem is missing on the client after installation of katello-ca-consumer-latest.noarch.rpm

Expected outcome: A valid consumer certificate in the correct folder

Foreman and Proxy versions: Foreman is 3.10 with Katello 4.12, installed with foreman-installer --scenario katello and no other options

Distribution and version: Alma Linux 8

Other relevant data:
complete command chain of the foreman installation:
dnf -y install https://yum.puppet.com/puppet7-release-el-8.noarch.rpm dnf -y install https://yum.theforeman.org/releases/3.10/el8/x86_64/foreman-release.rpm dnf -y module enable foreman:el8 dnf -y install foreman-installer dnf -y install https://yum.theforeman.org/katello/4.12/katello/el8/x86_64/katello-repos-latest.rpm dnf -y module enable katello:el8 dnf -y install foreman-installer-katello firewall-cmd --permanent --add-service https && firewall-cmd --reload foreman-installer --scenario katello

Global registration should take the place of the katello-ca-consumer rpm now. In the web interface (Hosts > Register Host) generate and run the command on the client. The client should have the certificates it needs, without installing that RPM.

The generated command complains about the missing certificate just like the subscription manager does

What are you trying to do? Just making sure, you’re not trying to run this on the Katello server, right? It should only be run on hosts.

I am trying to replace my existing foreman-server (v3.3.1) with a new one.
I install the katello-ca RPM on a client server. (removing the old ca package first, which clears the consumer cert, then installing the new rpm)

Hm, maybe try running subscription-manager clean first? And then can you please paste the output of running the registration command? I would like to see the exact errors.

I think I tried the subscription-manager clean earlier before I wiped the servers (both foreman and test-client) for a fresh start.

Error message from the subscription-manager is simply:
Error loading certificate: [Errno 2] No such file or directory: '/etc/pki/consumer/cert.pem'

I gonna try again after I set up a repo, product and activation key, currently there is nothing to register to.

Registration with the generated command works now and the consumer certs directory is populated with the certificates.

Is there an alternate way to the RPM to set up the client side certs in order to use subscription-manager for registration? Our systems are supposed to be registered automatically via ansible, so the way via generated command is rather complicated.

You can generate the registration command using Ansible:

https://docs.ansible.com/ansible/latest/collections/theforeman/foreman/registration_command_module.html#ansible-collections-theforeman-foreman-registration-command-module

Thanks, gonna try this one.