[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Spacewalk-list] "Peer's certificate issuer has been marked as not trusted by the user."



I have tested 2 different URL'S -

This one was was from your article -

curl -v https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml
* About to connect() to cdn.redhat.com port 443 (#0)
*   Trying 2.16.30.83...
* Connected to cdn.redhat.com (2.16.30.83) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=cdn.redhat.com,OU=Red Hat Network,O=Red Hat,L=Raleigh,ST=North Carolina,C=US
*       start date: May 14 19:48:02 2014 GMT
*       expire date: May 11 19:48:02 2024 GMT
*       common name: cdn.redhat.com
*       issuer: E=ca-support redhat com,CN=Red Hat Entitlement Operations Authority,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US
* NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 0
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.

-----------------------------------------------------------

This is from Google-Cloud - Pretty much the same result -


curl -v https://cds.rhel.updates.googlecloud.com/pulp/mirror/content/dist/rhel/rhui/server/7/7Server/x86_64/os/repodata/repomd.xml
* About to connect() to cds.rhel.updates.googlecloud.com port 443 (#0)
*   Trying 23.236.57.179...
* Connected to cds.rhel.updates.googlecloud.com (23.236.57.179) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=cds.rhel.updates.googlecloud.com,OU=SomeOrgUnit,O=SomeOrg,ST=North Carolina,C=US
*       start date: Sep 23 05:18:30 2017 GMT
*       expire date: Sep 25 05:18:30 2037 GMT
*       common name: cds.rhel.updates.googlecloud.com
*       issuer: CN=RHUI Certificate Authority,OU=SomeOrgUnit,O=SomeOrg,L=Raleigh,ST=North Carolina,C=US
* NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 0
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.

Thanks

On Thu, Nov 2, 2017 at 12:36 PM, Robert Paschedag <robert paschedag web de> wrote:
Am 2. November 2017 07:29:16 MEZ schrieb "Vipul Sharma (DevOps)" <sharma vipul in g4s com>:
>In spacewalk, I had to manually create this file -->*
>file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release*, & then copy/pasted
>the
>KEY from RHEL server to this location in Spacewalk server.
>
>Some Doubts :-
>
>Do this requires importing this file ??
>
>I'm running spacewalk without CA certified certificate, Does that
>impact
>the overall config for RHEL Repo in Spacewalk.
>
>Thanks
>Vipul
>
>On Thu, Nov 2, 2017 at 11:49 AM, Robert Paschedag
><robert paschedag web de>
>wrote:
>
>> Am 2. November 2017 05:13:12 MEZ schrieb "Vipul Sharma (DevOps)" <
>> sharma vipul in g4s com>:
>> >Hi Michael,
>> >
>> >We are using registered system through 'Google-Cloud' - I have
>copied
>> >everything very carefully from RHEL.repo into spacewalk, Including
>all
>> >the
>> >.cert & .pem files.
>> >
>> >Just unable to figure out what's wrong with it for the time being -
>> >
>> >Thanks
>> >
>> >On Wed, Nov 1, 2017 at 5:36 PM, Michael Mraka
>> ><michael mraka redhat com>
>> >wrote:
>> >
>> >> Vipul Sharma (DevOps):
>> >> > Hi Robert,
>> >> >
>> >> > I need your 'HELP' - I went according to your configuration for
>> >> downloading
>> >> > RHEL repos into 'Spacewalk'  - But, I'm facing some issues while
>> >doing
>> >> > that, Can you be humble enough to take a look into my issue --
>> >> >
>> >> > *This is the error -*
>> >> >
>> >> > 10:01:26 | Channel: rhel-base
>> >> > 10:01:26 ======================================
>> >> > 10:01:26 Sync of channel started.
>> >> > 10:01:26 Repo URL:
>> >> >
>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os
>> >> > 10:01:27 ERROR: failure: repodata/repomd.xml from
>> >> > content_dist_rhel_server_7_7Server_x86_64_os: [Errno 256] No
>more
>> >> mirrors
>> >> > to try.
>> >> > *https://cdn.redhat.com/content/dist/rhel/server/7/
>> >> 7Server/x86_64/os/repodata/repomd.xml
>> >> > <https://cdn.redhat.com/content/dist/rhel/server/7/
>> >> 7Server/x86_64/os/repodata/repomd.xml>:
>> >> > [Errno 14] curl#60 - "Peer's certificate issuer has been marked
>as
>> >not
>> >> > trusted by the user."*
>> >> > 10:01:27 Sync of channel completed in 0:00:00.
>> >> > 10:01:27 Total time: 0:00:00
>> >> >
>> >> > ---------------------------------------------
>> >> >
>> >> > My Spacewalk server is running unauthorized CA-CERT, Is this
>> >because of
>> >> > that ?
>> >>
>> >> You need a proper Red Hat Subscription to be able to download Red
>Hat
>> >> content from CDN.
>> >>
>> >> Regards,
>> >>
>> >> --
>> >> Michael Mráka
>> >> System Management Engineering, Red Hat
>> >>
>> >> _______________________________________________
>> >> Spacewalk-list mailing list
>> >> Spacewalk-list redhat com
>> >> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>
>> For me, this sounds as one of the "signing" CA of RedHat's servers is
>not
>> trusted by "you".
>>
>> Robert
>>

Please try to curl the URL.

curl -vv -1 https://....

See the same error?

Robert



Please consider the environment before printing this email.
*********************************************************************
This communication may contain information which is confidential, personal and/or privileged. It is for the exclusive use of the intended recipient(s).
If you are not the intended recipient(s), please note that any distribution, forwarding, copying or use of this communication or the information in it is strictly prohibited. If you have received it in error please contact the sender immediately by return e-mail. Please then delete the e-mail and any copies of it and do not use or disclose its contents to any person.
Any personal views expressed in this e-mail are those of the individual sender and the company does not endorse or accept responsibility for them. Prior to taking any action based upon this e-mail message, you should seek appropriate confirmation of its authenticity.
This message has been checked for viruses on behalf of the company.
*********************************************************************



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]