[Spacewalk-list] "Peer's certificate issuer has been marked as not trusted by the user."

Vipul Sharma (DevOps) sharma.vipul at in.g4s.com
Thu Nov 2 07:24:10 UTC 2017


I have tested 2 different URLs -

*This one was from your article -*

curl -v https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml
* About to connect() to cdn.redhat.com port 443 (#0)
*   Trying 2.16.30.83...
* Connected to cdn.redhat.com (2.16.30.83) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=cdn.redhat.com,OU=Red Hat Network,O=Red Hat,L=Raleigh,ST=North Carolina,C=US
*       start date: May 14 19:48:02 2014 GMT
*       expire date: May 11 19:48:02 2024 GMT
*       common name: cdn.redhat.com
*       issuer: E=ca-support at redhat.com,CN=Red Hat Entitlement Operations Authority,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US
* *NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)*
* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 0
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.

-----------------------------------------------------------

*This is from Google-Cloud - Pretty much the same result -*

curl -v https://cds.rhel.updates.googlecloud.com/pulp/mirror/content/dist/rhel/rhui/server/7/7Server/x86_64/os/repodata/repomd.xml
* About to connect() to cds.rhel.updates.googlecloud.com port 443 (#0)
*   Trying 23.236.57.179...
* Connected to cds.rhel.updates.googlecloud.com (23.236.57.179) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=cds.rhel.updates.googlecloud.com,OU=SomeOrgUnit,O=SomeOrg,ST=North Carolina,C=US
*       start date: Sep 23 05:18:30 2017 GMT
*       expire date: Sep 25 05:18:30 2037 GMT
*       common name: cds.rhel.updates.googlecloud.com
*       issuer: CN=RHUI Certificate Authority,OU=SomeOrgUnit,O=SomeOrg,L=Raleigh,ST=North Carolina,C=US
* *NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)*
* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 0
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.

Thanks

On Thu, Nov 2, 2017 at 12:36 PM, Robert Paschedag <robert.paschedag at web.de>
wrote:

> On 2 November 2017 07:29:16 CET, "Vipul Sharma (DevOps)" <
> sharma.vipul at in.g4s.com> wrote:
> >In spacewalk, I had to manually create this file -->
> >*file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release*, & then copy/pasted
> >the KEY from RHEL server to this location in Spacewalk server.
> >
> >Some Doubts :-
> >
> >Does this require importing this file?
> >
> >I'm running spacewalk without a CA-certified certificate. Does that
> >impact the overall config for RHEL Repo in Spacewalk?
> >
> >Thanks
> >Vipul
> >
> >On Thu, Nov 2, 2017 at 11:49 AM, Robert Paschedag
> ><robert.paschedag at web.de>
> >wrote:
> >
> >> On 2 November 2017 05:13:12 CET, "Vipul Sharma (DevOps)" <
> >> sharma.vipul at in.g4s.com> wrote:
> >> >Hi Michael,
> >> >
> >> >We are using registered system through 'Google-Cloud' - I have copied
> >> >everything very carefully from RHEL.repo into spacewalk, including all
> >> >the .cert & .pem files.
> >> >
> >> >Just unable to figure out what's wrong with it for the time being -
> >> >
> >> >Thanks
> >> >
> >> >On Wed, Nov 1, 2017 at 5:36 PM, Michael Mraka
> >> ><michael.mraka at redhat.com>
> >> >wrote:
> >> >
> >> >> Vipul Sharma (DevOps):
> >> >> > Hi Robert,
> >> >> >
> >> >> > I need your 'HELP' - I went according to your configuration for
> >> >> > downloading RHEL repos into 'Spacewalk' - But, I'm facing some issues
> >> >> > while doing that. Can you be humble enough to take a look into my
> >> >> > issue --
> >> >> >
> >> >> > *This is the error -*
> >> >> >
> >> >> > 10:01:26 | Channel: rhel-base
> >> >> > 10:01:26 ======================================
> >> >> > 10:01:26 Sync of channel started.
> >> >> > 10:01:26 Repo URL: https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os
> >> >> > 10:01:27 ERROR: failure: repodata/repomd.xml from content_dist_rhel_server_7_7Server_x86_64_os: [Errno 256] No more mirrors to try.
> >> >> > *https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."*
> >> >> > 10:01:27 Sync of channel completed in 0:00:00.
> >> >> > 10:01:27 Total time: 0:00:00
> >> >> >
> >> >> > ---------------------------------------------
> >> >> >
> >> >> > My Spacewalk server is running unauthorized CA-CERT. Is this because
> >> >> > of that?
> >> >>
> >> >> You need a proper Red Hat Subscription to be able to download Red Hat
> >> >> content from CDN.
> >> >>
> >> >> Regards,
> >> >>
> >> >> --
> >> >> Michael Mráka
> >> >> System Management Engineering, Red Hat
> >> >>
> >>
> >> For me, this sounds as one of the "signing" CA of RedHat's servers is
> >> not trusted by "you".
> >>
> >> Robert
> >>
>
> Please try to curl the URL.
>
> curl -vv -1 https://....
>
> See the same error?
>
> Robert
>

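The trust failure in the curl output above, reproduced offline as an added example (not part of the original thread): a constructed private CA signs a server certificate, which verifies against a bundle containing that CA and fails against a bundle that lacks it. All names, subjects and file paths are made up for the demonstration, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Constructed offline demo: every name, subject and file below is made up.

# Build a private CA, an unrelated "system bundle" CA, and a server
# certificate signed by the private CA, all inside directory $1.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo Private Content CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo System Bundle CA" \
        -keyout "$dir/other.key" -out "$dir/system-bundle.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=cdn.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null || return 1
}

# Print the issuer DN of certificate $1 (the field curl -v shows as "issuer:").
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer
}

# Exit 0 only if certificate $2 chains to a CA that OpenSSL finds via bundle $1
# (OpenSSL may also consult its default CA directory).
issuer_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run the comparison and print one line per bundle.
demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    cert_issuer "$tmp/server.pem"
    for bundle in system-bundle.pem ca.pem; do
        if issuer_trusted "$tmp/$bundle" "$tmp/server.pem"; then
            echo "$bundle: issuer trusted"
        else
            echo "$bundle: issuer NOT trusted"
        fi
    done
    rm -rf "$tmp"
}

demo
```

With curl, the corresponding check is to pass the issuing CA's certificate with `--cacert` and see whether error 60 still appears.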

