Re: [rhn-users] up2date SSL update fails

["Simon Hildrew" <simon hildrew net>]

Just to say that I figured this out today.  The date on the box was set to
mid june so it was using the previous certificate.  Simply enabling the ntp
service allowed me to run up2date sucessfully.  Feeling stupid now!

Regards,

Simon

----- Original Message ----- 
From: "Simon Hildrew" <simon hildrew net>
To: <rhn-users redhat com>
Sent: Thursday, October 02, 2003 10:31 AM
Subject: [rhn-users] up2date SSL update fails


> I'm not having a lot of luck updating my up2date installation on a new RH9
> box (installed tuesday).
>
> I download and install the packages as suggested and this seems to work
fine
> and the /usr/share/rhn/RHNS-CA-CERT file updates with the new
certificates.
> However, running up2date for the first time still produces this error:
>
> Traceback (most recent call last):
>   File "/usr/share/rhn/up2date_client/gui.py", line 405, in
> onPrivacyPagePrepare
>     text = rhnreg.privacyText()
>   File "/usr/share/rhn/up2date_client/rhnreg.py", line 176, in privacyText
>     return rpcServer.doCall(s.registration.privacy_statement)
>   File "/usr/share/rhn/up2date_client/rpcServer.py", line 114, in doCall
>     ret = apply(method, args, kwargs)
>   File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
>     return self.__send(self.__name, args)
>   File "/usr/lib/python2.2/site-packages/rhn/rpclib.py", line 126, in
> _request
>     verbose=self._verbose
>   File "/usr/lib/python2.2/site-packages/rhn/transports.py", line 130, in
> request
>     headers, fd = req.send_http(host, handler)
>   File "/usr/lib/python2.2/site-packages/rhn/transports.py", line 614, in
> send_http
>     headers=self.headers)
>   File "/usr/lib/python2.2/httplib.py", line 701, in request
>     self._send_request(method, url, body, headers)
>   File "/usr/lib/python2.2/httplib.py", line 723, in _send_request
>     self.endheaders()
>   File "/usr/lib/python2.2/httplib.py", line 695, in endheaders
>     self._send_output()
>   File "/usr/lib/python2.2/httplib.py", line 581, in _send_output
>     self.send(msg)
>   File "/usr/lib/python2.2/httplib.py", line 560, in send
>     self.sock.sendall(str)
>   File "/usr/lib/python2.2/site-packages/rhn/SSL.py", line 191, in write
>     sent = self._connection.send(data)
> SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate
> verify failed')]
>
> Following this I backed up the RHNS-CA-CERT file and deleted it.  I then
> touched the file so it was writable.  Then I downloaded and ran the script
> found on this page https://rhn.redhat.com/help/ssl_cert.pxt and used it to
> try and update the certificate and received the following message:
>
> Testing SSL connectivity against https://xmlrpc.rhn.redhat.com/XMLRPC ...
>
>     Connectivity test ERROR: Failed to connect to server
>
>     This error can be caused by one or more of the following:
>     - lack on Internet connectivity;
>     - running behind a proxy server. Please try running up2date
>       instead to test SSL functionality.
>
>     Despite this error, the file /usr/share/rhn/RHNS-CA-CERT
>     has been updated to allow 'up2date' and 'rhn_register' to function
>     properly.  Should you choose, you may restore a backup of your
>     previous cert from the /usr/share/rhn/RHNS-CA-CERT.old file.
>
> I can run lynx to this address and in works.  Additionally I have four
other
> boxes (which weren't new installs) and updating the up2date packages has
> worked sucessfully on each of them.  I have also checked that it is not
> iptables by temporarily stopping the iptables service.
>
> If you have any suggestions I would appreciate you letting me know.
>
> Thanks in advance,
>
> Simon
>
>
>
> _______________________________________________
> rhn-users mailing list
> rhn-users redhat com
> https://www.redhat.com/mailman/listinfo/rhn-users
>