[Spacewalk-list] RHEL repo sync error - CURL #60

Matt Moldvan matt at moldvan.com
Tue Oct 9 15:21:04 UTC 2018


Oops, looks like my replies weren't making it to the mailing list (forgot
to change the "From" option).

Anyway, I intended to reply to the list and not just Robert...

On Tue, Oct 9, 2018 at 11:18 AM Matt Moldvan <sandwormusmc at gmail.com> wrote:

> Yeah, makes sense.  My point was that Red Hat expecting this to be done by
> its customers is silly and they shouldn't be using self-signed certs in
> the path and making their customers do extra work...
>
> On Tue, Oct 9, 2018 at 9:50 AM Robert Paschedag <robert.paschedag at web.de>
> wrote:
>
>> On 9 October 2018 15:24:55 CEST, sandwormusmc <
>> sandwormusmc at gmail.com> wrote:
>> >Looks like an issue Red Hat should fix, to be honest.  While you could
>> >pull the CA cert of the issuer and import it, I get an invalid issuer
>> >error when I pull up that URL in my browser, too.  So updating your CA
>> >certs may not help either (unless Red Hat provides the root cert for
>> >whomever generated the cert for cdn.redhat.com).
>> >If you have a Red Hat support contract, I would open a ticket with this
>> >information and ask for their input.
>> >
>> >
>> >Sent from my Verizon, Samsung Galaxy smartphone
>> >-------- Original message --------
>> >From: "Irwin, Jeffrey" <Jeffrey.Irwin at rivertechllc.com>
>> >Date: 10/9/18  8:46 AM  (GMT-05:00)
>> >To: Robert Paschedag <robert.paschedag at web.de>, spacewalk-list at redhat.com
>> >Subject: Re: [Spacewalk-list] RHEL repo sync error - CURL #60
>> >I have tried this with a local mirror repo......no dice, tried it with
>> >subscribed RHEL repo, no dice, trying to track this pesky cert issue.
>> >Will check out the man page and see, would be nice to see a more
>> >verbose indication of what cert it is trying to use, where it is, etc..
>> >________________________________________
>> >From: Robert Paschedag <robert.paschedag at web.de>
>> >Sent: Tuesday, October 9, 2018 8:41 AM
>> >To: spacewalk-list at redhat.com; Irwin, Jeffrey;
>> >spacewalk-list at redhat.com
>> >Subject: Re: [Spacewalk-list] RHEL repo sync error - CURL #60
>> >
>> >On 9 October 2018 14:04:25 CEST, "Irwin, Jeffrey"
>> ><Jeffrey.Irwin at rivertechllc.com> wrote:
>> >>Same issue I am having, interested to see the solution.
>> >
>> >I think manpage of update-ca-certificates should help.
>> >
>> >Get the issuer cert, update the local CA certs and it should run (in
>> >case, there is no new rpm which updates the certs)
>> >
>> >Robert
>> >>
>> >>________________________________
>> >>From: spacewalk-list-bounces at redhat.com
>> >><spacewalk-list-bounces at redhat.com> on behalf of Raymond Setchfield
>> >><raymond.setchfield at gmail.com>
>> >>Sent: Monday, October 8, 2018 6:47 AM
>> >>To: spacewalk-list at redhat.com
>> >>Subject: [Spacewalk-list] RHEL repo sync error - CURL #60
>> >>
>> >>Hi
>> >>
>> >>I have been attempting to pull the RHEL updates into spacewalk, and I
>> >>am receiving the following error;
>> >>
>> >># spacewalk-repo-sync -c rhel07-update
>> >>11:44:03 ======================================
>> >>11:44:03 | Channel: rhel07-update
>> >>11:44:03 ======================================
>> >>11:44:03 Sync of channel started.
>> >>11:44:03
>> >>11:44:03   Processing repository with URL:
>> >>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os
>> >>Repository group_spacewalkproject-java-packages is listed more than
>> >>once in the configuration
>> >>11:44:03 ERROR: failure: repodata/repomd.xml from rhel07-update.repo:
>> >>[Errno 256] No more mirrors to try.
>> >>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml:
>> >>[Errno 14] curl#60 - "Peer's certificate issuer has been marked as not
>> >>trusted by the user."
>> >>11:44:03 Sync of channel completed in 0:00:00.
>> >>11:44:03 Total time: 0:00:00
>> >>
>> >>Looking into this it appears to be a certificate issue from what I can
>> >>gather. My assumption is to use the "redhat-uep.pem" Is this correct?
>> >>If so where do I place this to allow the curl to work? Or am I off in
>> >>the wrong direction
>> >>
>> >>Thanks
>> >>
>> >>Ray
>> >
>> >
>> >--
>> >sent from my mobile device
>> >
>>
>> There is a self-signed cert within the SSL path, which does not seem to
>> be on your cert parts.
>>
>> So download the certs via the browser (export root ca and intermediate
>> cas), put them in the "anchors" directory (where update-ca-trust or
>> update-ca-certificates wants them to be), update the certs... Then try
>> again.
>>
>> Robert
>> --
>> sent from my mobile device
>>
>
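
The trust check behind curl#60 and the fix discussed in this thread (add the issuer CA to the trust anchors, then rebuild the bundle), reproduced offline as an added example that is not part of the original messages. The CA names, `repo.example.test` and the temporary `bundle.pem` are constructed stand-ins; the real system paths appear only in a comment.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway CAs stand in for the system bundle and for the
# private issuer in the server's chain. Nothing here touches the network.

# new_ca DIR NAME CN: self-signed CA -> DIR/NAME.pem, DIR/NAME.key
new_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# new_leaf DIR CA CN: server certificate DIR/leaf.pem signed by DIR/CA.pem
new_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# issuer_cn CERT: print the CN of the issuer the client has to trust
issuer_cn() {
    openssl x509 -in "$1" -noout -nameopt multiline -issuer |
        sed -n 's/^ *commonName *= *//p'
}

# trusted_by BUNDLE CERT: exit 0 only if CERT chains to a CA in BUNDLE
trusted_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo() {
    local d; d=$(mktemp -d) || return 1
    new_ca "$d" public "Demo Public Root"      # what the bundle already has
    new_ca "$d" private "Demo Private Issuer"  # what the server chain uses
    new_leaf "$d" private "repo.example.test"
    cp "$d/public.pem" "$d/bundle.pem"
    echo "server cert issuer: $(issuer_cn "$d/leaf.pem")"
    trusted_by "$d/bundle.pem" "$d/leaf.pem" || echo "before: issuer not trusted"
    # System-wide equivalent on RHEL/CentOS: copy the issuer CA into
    # /etc/pki/ca-trust/source/anchors/ and run update-ca-trust.
    cat "$d/private.pem" >> "$d/bundle.pem"
    trusted_by "$d/bundle.pem" "$d/leaf.pem" && echo "after: chain verifies"
    rm -rf "$d"
}
demo
```

Running `issuer_cn` on the certificate the server actually presents shows which CA is missing from the bundle, which is the detail the sync log above does not print.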