Have you got this working, Matt?
> On 9 Oct 2018, at 16:21, Matt Moldvan <m...@moldvan.com> wrote: > > Oops, looks like my replies weren't making it to the mailing list (forgot to > change the "From" option). > > Anyway, I intended to reply to the list and not just Robert... > >> On Tue, Oct 9, 2018 at 11:18 AM Matt Moldvan <sandwormu...@gmail.com> wrote: >> Yeah, makes sense. My point was that Red Hat expecting this to be done by >> it's customers is silly and they shouldn't be using self signed certs in the >> path and making their customers do extra work... >> >>> On Tue, Oct 9, 2018 at 9:50 AM Robert Paschedag <robert.pasche...@web.de> >>> wrote: >>> Am 9. Oktober 2018 15:24:55 MESZ schrieb sandwormusmc >>> <sandwormu...@gmail.com>: >>> >Looks like an issue Red Hat should fix, too be honest. While you could >>> >pull the CA cert of the issuer and import it, I get an invalid issuer >>> >error when I pull up that URL in my browser, too. So updating your CA >>> >certs may not help either (unless Red Hat provides the root cert for >>> >whomever generated the cert for cdn.redhat.com). >>> >If you have a Red Hat support contract, I would open a ticket with this >>> >information and ask for their input. >>> > >>> > >>> >Sent from my Verizon, Samsung Galaxy smartphone >>> >-------- Original message --------From: "Irwin, Jeffrey" >>> ><jeffrey.ir...@rivertechllc.com> Date: 10/9/18 8:46 AM (GMT-05:00) >>> >To: Robert Paschedag <robert.pasche...@web.de>, >>> >spacewalk-list@redhat.com Subject: Re: [Spacewalk-list] RHEL repo sync >>> >error - CURL #60 >>> >I have tried this with a local mirror repo......no dice, tried it with >>> >subscribed RHEL repo, no dice, trying to track this pesky cert issue. >>> >Will check out the man page and see, would be nice to see a more >>> >verbose indication of what cert it is trying to use, where it is, etc.. >>> >________________________________________ >>> >From: Robert Paschedag <robert.pasche...@web.de> >>> >Sent: Tuesday, October 9, 2018 8:41 AM >>> >To: spacewalk-list@redhat.com; Irwin, Jeffrey; >>> >spacewalk-list@redhat.com >>> >Subject: Re: [Spacewalk-list] RHEL repo sync error - CURL #60 >>> > >>> >Am 9. Oktober 2018 14:04:25 MESZ schrieb "Irwin, Jeffrey" >>> ><jeffrey.ir...@rivertechllc.com>: >>> >>?Same issue I ma having, interested to see the solution. >>> > >>> >I think manpage of update-ca-certificates should help. >>> > >>> >Get the issuer cert, update the local CA certs and it should run (in >>> >case, there is no new rpm which updates the certs) >>> > >>> >Robert >>> >> >>> >>________________________________ >>> >>From: spacewalk-list-boun...@redhat.com >>> >><spacewalk-list-boun...@redhat.com> on behalf of Raymond Setchfield >>> >><raymond.setchfi...@gmail.com> >>> >>Sent: Monday, October 8, 2018 6:47 AM >>> >>To: spacewalk-list@redhat.com >>> >>Subject: [Spacewalk-list] RHEL repo sync error - CURL #60 >>> >> >>> >>Hi >>> >> >>> >>I have been attempting to pull the RHEL updates into spacewalk, and I >>> >>am receiving the following error; >>> >> >>> >># spacewalk-repo-sync -c rhel07-update >>> >>11:44:03 ====================================== >>> >>11:44:03 | Channel: rhel07-update >>> >>11:44:03 ====================================== >>> >>11:44:03 Sync of channel started. >>> >>11:44:03 >>> >>11:44:03 Processing repository with URL: >>> >>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os >>> >>Repository group_spacewalkproject-java-packages is listed more than >>> >>once in the configuration >>> >>11:44:03 ERROR: failure: repodata/repomd.xml from rhel07-update.repo: >>> >>[Errno 256] No more mirrors to try. >>> >>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml: >>> >>[Errno 14] curl#60 - "Peer's certificate issuer has been marked as not >>> >>trusted by the user." >>> >>11:44:03 Sync of channel completed in 0:00:00. >>> >>11:44:03 Total time: 0:00:00 >>> >> >>> >>Looking into this it appears to be a certificate issue from what I can >>> >>gather. My assumption is to use the "redhat-uep.pem" Is this correct? >>> >>If so where do I place this to allow the curl to work? Or am I off in >>> >>the wrong direction >>> >> >>> >>Thanks >>> >> >>> >>Ray >>> > >>> > >>> >-- >>> >sent from my mobile device >>> > >>> >_______________________________________________ >>> >Spacewalk-list mailing list >>> >Spacewalk-list@redhat.com >>> >https://www.redhat.com/mailman/listinfo/spacewalk-list >>> >>> There is a self signed cert within the SSL path, which does not seem to be >>> on your cert parts. >>> >>> So download the certs via the browser (export root ca and intermediate >>> cas), put the in the "anchors" directory (where update-ca-trust or >>> update-ca-certificates wants them to be), update the certs... Then try >>> again. >>> >>> Robert >>> -- >>> sent from my mobile device > _______________________________________________ > Spacewalk-list mailing list > Spacewalk-list@redhat.com > https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
