Hello Pulpers I've upgraded from 2.4.0-1 to 2.5.1-1 and have hit SSL issues. Despite having verify_ssl: false in /etc/pulp/admin/admin.conf pulp-admin would now bomb out with errors in ~/.pulp/admin.log: ConnectionException: (None, 'tlsv1 alert unknown ca', None) That shouldn't happen right? I was using a self signed certificate so to try to get around this I used a VeriSign certificate. Despite updating the relevant variables... admin.conf: ca_path: /etc/pki/tls/certs/ca-bundle.crt server.conf cacert: /etc/pki/pulp/new-hostname-cacert.pem cakey: /etc/pki/pulp/new-hostname-key.pem ssl_ca_certificate: /etc/pki/tls/certs/ca-bundle.crt /etc/httpd/conf.d/pulp.conf: SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt SSLCertificateFile /etc/pki/pulp/new-hostname-cacert.pem SSLCertificateKeyFile /etc/pki/pulp/new-hostname-key.pem ...and appending the intermediate certificate into the ca-bundle.crt file, pulp-admin still gave the same exception, despite appending the intermediary cert having fixed wget and curl, which were complaining when i did a test grab of /pulp/repos until I did that. I could see that ssl_error_log contained: Thu Dec 18 10:57:15 2014] [error] [client 123.123.123.123] Certificate Verification: Error (20): unable to get local issuer certificate [Thu Dec 18 10:57:15 2014] [error] [client 123.123.123.123] Re-negotiation handshake failed: Not accepted by client!? After some googling I tried commenting out: SSLVerifyClient optional In /etc/httpd/conf.d/pulp.conf That resolved the SSL Apache log error, but now I get: The specified user does not have permission to execute the given command admin.log: PermissionsException: RequestException: GET request on /pulp/api/v2/tasks/ failed with 401 - Authentication with username None failed: invalid SSL certificate. So to summarise ... is verify_ssl broken in 2.5.1? And what have I been doing wrong with my certificates? Thanks!! Paul