subscription-manager certificate verify failed

Latest response

Around 7:17 AM EST this morning, all of our RHEL workstations started getting errors with subscription-manager:

[root@ceres scripts]# /usr/sbin/subscription-manager status
System Status Details
Overall Status: Unknown

[root@ceres scripts]# /usr/sbin/subscription-manager identity
server type: RHN Classic and Red Hat Subscription Management
Unable to verify server's identity: certificate verify failed

All of the workstations are running 6.5/6.6 with most having 6.6 including python-rhsm-1.12.5-2.el6.x86_64.

From the rhsm logs:

2014-10-29 07:17:10,094 [INFO] subscription-manager - Client Versions: {'python-rhsm': '1.12.5-2.el6', 'subscription-manager': '1.12.14-7.el6'}
2014-10-29 07:17:10,094 [INFO] subscription-manager - Using certificate authentication: key = /etc/pki/consumer/key.pem, cert = /etc/pki/consumer/cert.pem, ca = /etc/rhsm/ca/, insecure = False
2014-10-29 07:17:10,095 [INFO] subscription-manager - Connection Built: host:, port: 443, handler: /subscription
2014-10-29 07:17:10,095 [INFO] subscription-manager - Using no auth
2014-10-29 07:17:10,095 [INFO] subscription-manager - Connection Built: host:, port: 443, handler: /subscription
2014-10-29 07:17:10,113 [DEBUG] subscription-manager - Loaded CA certificates from /etc/rhsm/ca/: candlepin-stage.pem, redhat-uep.pem
2014-10-29 07:17:10,114 [DEBUG] subscription-manager - Making request: GET /subscription/
2014-10-29 07:17:10,252 [ERROR] subscription-manager - Error while checking server version: certificate verify failed
2014-10-29 07:17:10,253 [ERROR] subscription-manager - certificate verify failed
Traceback (most recent call last):
File "/usr/share/rhsm/subscription_manager/", line 243, in get_server_versions
if cp.supports_resource("status"):
File "/usr/lib64/python2.6/site-packages/rhsm/", line 696, in supports_resource
File "/usr/lib64/python2.6/site-packages/rhsm/", line 683, in _load_supported_resources
resources_list = self.conn.request_get("/")
File "/usr/lib64/python2.6/site-packages/rhsm/", line 550, in request_get
return self._request("GET", method)
File "/usr/lib64/python2.6/site-packages/rhsm/", line 453, in _request
conn.request(request_type, handler, body=body, headers=headers)
File "/usr/lib64/python2.6/", line 914, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.6/", line 951, in _send_request
File "/usr/lib64/python2.6/", line 908, in endheaders
File "/usr/lib64/python2.6/", line 780, in _send_output
File "/usr/lib64/python2.6/", line 739, in send
File "/usr/lib64/python2.6/site-packages/M2Crypto/", line 58, in connect
sock.connect((, self.port))
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/", line 185, in connect
ret = self.connect_ssl()
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/", line 178, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: certificate verify failed


Hmm, from the rhsmcertd.log, at 6:07 AM, there appears to be a certificate update. Perhaps something got screwed up.

Hi Matt, are you still having difficulties with this, or is the issue resolved?

Problem went away a couple hours after I posted this. Must have been an issue at Redhat. Been too busy to drop back by.

I have the same problem after inserting a ssl certificate validated in the satellite server.

facing below error while registering client to satellite :- Unable to verify server's identity: certificate verify failed

I encountered the same question, i uninstalled and reinstalled subscription-manager rpms, maybe you can try.

Is there another thread relating to this issue? I cannot resolve this issue on my side for clients connecting to a Satellite 6.4, after the Satellite server and most of the clients migrated to a different DC, where IP addresses changed, but host names stayed the same.