[Spacewalk-list] RHEL repo sync error - CURL #60
Robert Paschedag
robert.paschedag at web.de
Tue Oct 9 13:50:11 UTC 2018
Am 9. Oktober 2018 15:24:55 MESZ schrieb sandwormusmc <sandwormusmc at gmail.com>:
>Looks like an issue Red Hat should fix, too be honest. While you could
>pull the CA cert of the issuer and import it, I get an invalid issuer
>error when I pull up that URL in my browser, too. So updating your CA
>certs may not help either (unless Red Hat provides the root cert for
>whomever generated the cert for cdn.redhat.com).
>If you have a Red Hat support contract, I would open a ticket with this
>information and ask for their input.
>
>
>Sent from my Verizon, Samsung Galaxy smartphone
>-------- Original message --------From: "Irwin, Jeffrey"
><Jeffrey.Irwin at rivertechllc.com> Date: 10/9/18 8:46 AM (GMT-05:00)
>To: Robert Paschedag <robert.paschedag at web.de>,
>spacewalk-list at redhat.com Subject: Re: [Spacewalk-list] RHEL repo sync
>error - CURL #60
>I have tried this with a local mirror repo......no dice, tried it with
>subscribed RHEL repo, no dice, trying to track this pesky cert issue.
>Will check out the man page and see, would be nice to see a more
>verbose indication of what cert it is trying to use, where it is, etc..
>________________________________________
>From: Robert Paschedag <robert.paschedag at web.de>
>Sent: Tuesday, October 9, 2018 8:41 AM
>To: spacewalk-list at redhat.com; Irwin, Jeffrey;
>spacewalk-list at redhat.com
>Subject: Re: [Spacewalk-list] RHEL repo sync error - CURL #60
>
>Am 9. Oktober 2018 14:04:25 MESZ schrieb "Irwin, Jeffrey"
><Jeffrey.Irwin at rivertechllc.com>:
>>?Same issue I ma having, interested to see the solution.
>
>I think manpage of update-ca-certificates should help.
>
>Get the issuer cert, update the local CA certs and it should run (in
>case, there is no new rpm which updates the certs)
>
>Robert
>>
>>________________________________
>>From: spacewalk-list-bounces at redhat.com
>><spacewalk-list-bounces at redhat.com> on behalf of Raymond Setchfield
>><raymond.setchfield at gmail.com>
>>Sent: Monday, October 8, 2018 6:47 AM
>>To: spacewalk-list at redhat.com
>>Subject: [Spacewalk-list] RHEL repo sync error - CURL #60
>>
>>Hi
>>
>>I have been attempting to pull the RHEL updates into spacewalk, and I
>>am receiving the following error;
>>
>># spacewalk-repo-sync -c rhel07-update
>>11:44:03 ======================================
>>11:44:03 | Channel: rhel07-update
>>11:44:03 ======================================
>>11:44:03 Sync of channel started.
>>11:44:03
>>11:44:03 Processing repository with URL:
>>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os
>>Repository group_spacewalkproject-java-packages is listed more than
>>once in the configuration
>>11:44:03 ERROR: failure: repodata/repomd.xml from rhel07-update.repo:
>>[Errno 256] No more mirrors to try.
>>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml:
>>[Errno 14] curl#60 - "Peer's certificate issuer has been marked as not
>>trusted by the user."
>>11:44:03 Sync of channel completed in 0:00:00.
>>11:44:03 Total time: 0:00:00
>>
>>Looking into this it appears to be a certificate issue from what I can
>>gather. My assumption is to use the "redhat-uep.pem" Is this correct?
>>If so where do I place this to allow the curl to work? Or am I off in
>>the wrong direction
>>
>>Thanks
>>
>>Ray
>
>
>--
>sent from my mobile device
>
>_______________________________________________
>Spacewalk-list mailing list
>Spacewalk-list at redhat.com
>https://www.redhat.com/mailman/listinfo/spacewalk-list
There is a self signed cert within the SSL path, which does not seem to be on your cert parts.
So download the certs via the browser (export root ca and intermediate cas), put the in the "anchors" directory (where update-ca-trust or update-ca-certificates wants them to be), update the certs... Then try again.
Robert
--
sent from my mobile device
More information about the Spacewalk-list
mailing list