[Spacewalk-list] CentOS 6 2.9 Repo Install Fail - curl: (60) Peer certificate cannot be authenticated with known CA certificates

Thu May 9 10:05:36 UTC 2019

Hi Robert,

I know. It's just a bit of a pain as its causing automated deployment via Ansible fail. Thankfully, someone found a workaround (http instead of https) which required more steps in Ansible to be able to deploy the agents successfuly.

Not a biggie though, I just hope that there's an official warning somewhere in the spacewalk pages to warm users of this issue while its still being fixed/looked at.

Kind regards,
Francis

-----Original Message-----
From: Robert Paschedag [mailto:robert.paschedag at web.de] 
Sent: Monday, 6 May 2019 5:41 PM
To: spacewalk-list at redhat.com; Francis Mondia <Francis.Mondia at endace.com>; spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] CentOS 6 2.9 Repo Install Fail - curl: (60) Peer certificate cannot be authenticated with known CA certificates

Am 6. Mai 2019 04:52:53 MESZ schrieb Francis Mondia <Francis.Mondia at endace.com>:
>Hi All,
>
>Getting this when installing the Spacewalk client on CentOS 6 from the 
>official guide:
>
>$ sudo rpm -Uvh
>https://copr-be.cloud.fedoraproject.org/results/@spacewalkproject/space
>walk-2.9/epel-6-x86_64/00830557-spacewalk-repo/spacewalk-repo-2.9-4.el6
>.noarch.rpm
>[sudo] password for adminuser:
>Retrieving
>https://copr-be.cloud.fedoraproject.org/results/@spacewalkproject/space
>walk-2.9/epel-6-x86_64/00830557-spacewalk-repo/spacewalk-repo-2.9-4.el6
>.noarch.rpm
>curl: (60) Peer certificate cannot be authenticated with known CA 
>certificates More details here: http://curl.haxx.se/docs/sslcerts.html

This only tells you that the websites certificate has not been signed by one of the default "trusted" CAs that are installed by default on the client.

Robert

>
>curl performs SSL certificate verification by default, using a "bundle"
>of Certificate Authority (CA) public keys (CA certs). If the default 
>bundle file isn't adequate, you can specify an alternate file using the 
>--cacert option.
>If this HTTPS server uses a certificate signed by a CA represented in 
>the bundle, the certificate verification probably failed due to a 
>problem with the certificate (it might be expired, or the name might 
>not match the domain name in the URL).
>If you'd like to turn off curl's verification of the certificate, use 
>the -k (or --insecure) option.
>error: skipping
>https://copr-be.cloud.fedoraproject.org/results/@spacewalkproject/space
>walk-2.9/epel-6-x86_64/00830557-spacewalk-repo/spacewalk-repo-2.9-4.el6
>.noarch.rpm
>- transfer failed
>
>
>CentOS 7 works fine and wondering what's wrong with the CentOS 6 repo.
>
>Kind regards,
>--
>Francis Mondia
>Engineering Systems Administrator
>
>francis.mondia at endace.com<mailto:francis.mondia at endace.com>
>www.endace.com<http://www.endace.com/>
>[Endace-horizontal (250x74 pixels high)]<http://www.endace.com/>
>
>This message contains Endace confidential information intended only for 
>specific recipients and is not to be forwarded to anyone else.  If you 
>have received this message in error, please delete it immediately.
>Thank you.

--
sent from my mobile device