subscription-manager certificate verify failed

Latest response

Around 7:17 AM EST this morning, all of our RHEL workstations started getting errors with subscription-manager:

[root@ceres scripts]# /usr/sbin/subscription-manager status
+-------------------------------------------+
System Status Details
+-------------------------------------------+
Overall Status: Unknown

[root@ceres scripts]# /usr/sbin/subscription-manager identity
server type: RHN Classic and Red Hat Subscription Management
Unable to verify server's identity: certificate verify failed

All of the workstations are running 6.5/6.6 with most having 6.6 including python-rhsm-1.12.5-2.el6.x86_64.

From the rhsm logs:

2014-10-29 07:17:10,094 [INFO] subscription-manager @managercli.py:298 - Client Versions: {'python-rhsm': '1.12.5-2.el6', 'subscription-manager': '1.12.14-7.el6'}
2014-10-29 07:17:10,094 [INFO] subscription-manager @connection.py:659 - Using certificate authentication: key = /etc/pki/consumer/key.pem, cert = /etc/pki/consumer/cert.pem, ca = /etc/rhsm/ca/, insecure = False
2014-10-29 07:17:10,095 [INFO] subscription-manager @connection.py:670 - Connection Built: host: subscription.rhn.redhat.com, port: 443, handler: /subscription
2014-10-29 07:17:10,095 [INFO] subscription-manager @connection.py:666 - Using no auth
2014-10-29 07:17:10,095 [INFO] subscription-manager @connection.py:670 - Connection Built: host: subscription.rhn.redhat.com, port: 443, handler: /subscription
2014-10-29 07:17:10,113 [DEBUG] subscription-manager @connection.py:414 - Loaded CA certificates from /etc/rhsm/ca/: candlepin-stage.pem, redhat-uep.pem
2014-10-29 07:17:10,114 [DEBUG] subscription-manager @connection.py:446 - Making request: GET /subscription/
2014-10-29 07:17:10,252 [ERROR] subscription-manager @utils.py:263 - Error while checking server version: certificate verify failed
2014-10-29 07:17:10,253 [ERROR] subscription-manager @utils.py:265 - certificate verify failed
Traceback (most recent call last):
File "/usr/share/rhsm/subscription_manager/utils.py", line 243, in get_server_versions
if cp.supports_resource("status"):
File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 696, in supports_resource
self._load_supported_resources()
File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 683, in _load_supported_resources
resources_list = self.conn.request_get("/")
File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 550, in request_get
return self._request("GET", method)
File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 453, in _request
conn.request(request_type, handler, body=body, headers=headers)
File "/usr/lib64/python2.6/httplib.py", line 914, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.6/httplib.py", line 951, in _send_request
self.endheaders()
File "/usr/lib64/python2.6/httplib.py", line 908, in endheaders
self._send_output()
File "/usr/lib64/python2.6/httplib.py", line 780, in _send_output
self.send(msg)
File "/usr/lib64/python2.6/httplib.py", line 739, in send
self.connect()
File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 58, in connect
sock.connect((self.host, self.port))
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect
ret = self.connect_ssl()
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: certificate verify failed

Responses

Hmm, from the rhsmcertd.log, at 6:07 AM, there appears to be a certificate update. Perhaps something got screwed up.

Hi Matt, are you still having difficulties with this, or is the issue resolved?

Problem went away a couple hours after I posted this. Must have been an issue at Redhat. Been too busy to drop back by.

I have the same problem after inserting a ssl certificate validated in the satellite server.

facing below error while registering client to satellite :- Unable to verify server's identity: certificate verify failed

I encountered the same question, i uninstalled and reinstalled subscription-manager rpms, maybe you can try.

Is there another thread relating to this issue? I cannot resolve this issue on my side for clients connecting to a Satellite 6.4, after the Satellite server and most of the clients migrated to a different DC, where IP addresses changed, but host names stayed the same.