Am 2. November 2017 08:24:10 MEZ schrieb "Vipul Sharma (DevOps)" <[email protected]>: >I have tested 2 different URL'S - > >*This one was was from your article -* > >curl -v https://cdn.redhat.com/content/dist/rhel/server/7/ >7Server/x86_64/os/repodata/repomd.xml >* About to connect() to cdn.redhat.com port 443 (#0) >* Trying 2.16.30.83... >* Connected to cdn.redhat.com (2.16.30.83) port 443 (#0) >* Initializing NSS with certpath: sql:/etc/pki/nssdb >* CAfile: /etc/pki/tls/certs/ca-bundle.crt > CApath: none >* Server certificate: >* subject: CN=cdn.redhat.com,OU=Red Hat Network,O=Red >Hat,L=Raleigh,ST=North Carolina,C=US >* start date: May 14 19:48:02 2014 GMT >* expire date: May 11 19:48:02 2024 GMT >* common name: cdn.redhat.com >* issuer: [email protected],CN=Red Hat Entitlement >Operations >Authority,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US >* *NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)* >* Peer's certificate issuer has been marked as not trusted by the user. >* Closing connection 0 >curl: (60) Peer's certificate issuer has been marked as not trusted by >the >user. > >----------------------------------------------------------- > >*This is from Google-Cloud - Pretty much the same result -* > >curl -v https://cds.rhel.updates.googlecloud.com/pulp/mirror/ >content/dist/rhel/rhui/server/7/7Server/x86_64/os/repodata/repomd.xml >* About to connect() to cds.rhel.updates.googlecloud.com port 443 (#0) >* Trying 23.236.57.179... >* Connected to cds.rhel.updates.googlecloud.com (23.236.57.179) port >443 >(#0) >* Initializing NSS with certpath: sql:/etc/pki/nssdb >* CAfile: /etc/pki/tls/certs/ca-bundle.crt > CApath: none >* Server certificate: >* subject: >CN=cds.rhel.updates.googlecloud.com,OU=SomeOrgUnit,O=SomeOrg,ST=North >Carolina,C=US >* start date: Sep 23 05:18:30 2017 GMT >* expire date: Sep 25 05:18:30 2037 GMT >* common name: cds.rhel.updates.googlecloud.com >* issuer: CN=RHUI Certificate >Authority,OU=SomeOrgUnit,O=SomeOrg,L=Raleigh,ST=North >Carolina,C=US >* *NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)* >* Peer's certificate issuer has been marked as not trusted by the user. >* Closing connection 0 >curl: (60) Peer's certificate issuer has been marked as not trusted by >the >user. > >Thanks > >On Thu, Nov 2, 2017 at 12:36 PM, Robert Paschedag ><[email protected]> >wrote: > >> Am 2. November 2017 07:29:16 MEZ schrieb "Vipul Sharma (DevOps)" < >> [email protected]>: >> >In spacewalk, I had to manually create this file -->* >> >file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release*, & then >copy/pasted >> >the >> >KEY from RHEL server to this location in Spacewalk server. >> > >> >Some Doubts :- >> > >> >Do this requires importing this file ?? >> > >> >I'm running spacewalk without CA certified certificate, Does that >> >impact >> >the overall config for RHEL Repo in Spacewalk. >> > >> >Thanks >> >Vipul >> > >> >On Thu, Nov 2, 2017 at 11:49 AM, Robert Paschedag >> ><[email protected]> >> >wrote: >> > >> >> Am 2. November 2017 05:13:12 MEZ schrieb "Vipul Sharma (DevOps)" < >> >> [email protected]>: >> >> >Hi Michael, >> >> > >> >> >We are using registered system through 'Google-Cloud' - I have >> >copied >> >> >everything very carefully from RHEL.repo into spacewalk, >Including >> >all >> >> >the >> >> >.cert & .pem files. >> >> > >> >> >Just unable to figure out what's wrong with it for the time being >- >> >> > >> >> >Thanks >> >> > >> >> >On Wed, Nov 1, 2017 at 5:36 PM, Michael Mraka >> >> ><[email protected]> >> >> >wrote: >> >> > >> >> >> Vipul Sharma (DevOps): >> >> >> > Hi Robert, >> >> >> > >> >> >> > I need your 'HELP' - I went according to your configuration >for >> >> >> downloading >> >> >> > RHEL repos into 'Spacewalk' - But, I'm facing some issues >while >> >> >doing >> >> >> > that, Can you be humble enough to take a look into my issue >-- >> >> >> > >> >> >> > *This is the error -* >> >> >> > >> >> >> > 10:01:26 | Channel: rhel-base >> >> >> > 10:01:26 ====================================== >> >> >> > 10:01:26 Sync of channel started. >> >> >> > 10:01:26 Repo URL: >> >> >> > >> >https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os >> >> >> > 10:01:27 ERROR: failure: repodata/repomd.xml from >> >> >> > content_dist_rhel_server_7_7Server_x86_64_os: [Errno 256] No >> >more >> >> >> mirrors >> >> >> > to try. >> >> >> > *https://cdn.redhat.com/content/dist/rhel/server/7/ >> >> >> 7Server/x86_64/os/repodata/repomd.xml >> >> >> > <https://cdn.redhat.com/content/dist/rhel/server/7/ >> >> >> 7Server/x86_64/os/repodata/repomd.xml>: >> >> >> > [Errno 14] curl#60 - "Peer's certificate issuer has been >marked >> >as >> >> >not >> >> >> > trusted by the user."* >> >> >> > 10:01:27 Sync of channel completed in 0:00:00. >> >> >> > 10:01:27 Total time: 0:00:00 >> >> >> > >> >> >> > --------------------------------------------- >> >> >> > >> >> >> > My Spacewalk server is running unauthorized CA-CERT, Is this >> >> >because of >> >> >> > that ? >> >> >> >> >> >> You need a proper Red Hat Subscription to be able to download >Red >> >Hat >> >> >> content from CDN. >> >> >> >> >> >> Regards, >> >> >> >> >> >> -- >> >> >> Michael Mráka >> >> >> System Management Engineering, Red Hat >> >> >> >> >> >> _______________________________________________ >> >> >> Spacewalk-list mailing list >> >> >> [email protected] >> >> >> https://www.redhat.com/mailman/listinfo/spacewalk-list >> >> >> >> For me, this sounds as one of the "signing" CA of RedHat's servers >is >> >not >> >> trusted by "you". >> >> >> >> Robert >> >> >> >> Please try to curl the URL. >> >> curl -vv -1 https://.... >> >> See the same error? >> >> Robert >>
You have to get the "issuer" certs from RedHat (download from web?) and add it to your trusted CA store Robert _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
