Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

Latest response

I am trying to register but it shows only
"Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed "
Could you please help me out and How to register in Subscription Management
System : centos 8

Responses

Hi Manikandan,

Please execute the following commands ... :)

sudo subscription-manager remove --all
sudo subscription-manager unregister
sudo subscription-manager clean

sudo subscription-manager register
sudo subscription-manager refresh
sudo subscription-manager attach --auto

Regards,
Christian

Hi Christian Labisch,

Thanks for the quick response. Actually i did the same but still its showing the same error.

The issue That i pasted below. could you please help me out

[Manikandan-Verah@localhost ~]$ sudo subscription-manager remove --all

[sudo] password for Manikandan-Verah: 0 subscriptions removed from this system.

[Manikandan-Verah@localhost ~]$ sudo subscription-manager unregister This system is currently not registered.

[Manikandan-Verah@localhost ~]$ sudo subscription-manager clean All local data removed

[Manikandan-Verah@localhost ~]$ sudo subscription-manager register Registering to: subscription.rhsm.redhat.com:443/subscription Username: Manikandan-Verah Password: Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)

[Manikandan-Verah@localhost ~]$

Hi Manikandan,

Did you by chance forget to enable network during the installation process ? If you did, enable it. :)

Regards,
Christian

Hi Manikandan ive the same issue, eventhough remove -all, unregister and clean all. My other box is able to connect without any issue except this ! appreciate any help

Hi Sharia,

This is an older thread posted on October 2019. If you've already done those steps suggested by Christian then you could try the solution provided in this article: https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/certs-troubleshoot-verify

I hope this helps.

Thank you Sadashiva I've tried that but had no luck. What i found in my rhsm.log was - it was trying to go through proxy instead of connecting my local satellite and then i turned off proxy setting. Easy as - when you figure out :)

That is true. Anyways, nice that you got it fixed.

How did you turn off proxy settings in redhat? I seem to have the same problem. Thank you

This proxy settings are found in the file '/etc/rhsm/rhsm.conf' and this configuration would be used when system gets registered with Red Hat CDN.

vi /etc/rhsm/rhsm.conf

host/domain suffix blacklist for proxy, if needed

no_proxy =*

Oh I was using redhat 7.3 not Centos, even though I added the option its giving the same error. "Unable to verify server's identity: certificate verify failed".

I had installed RHEL 7.3 in a virtual machine VMWare Workstation 15. I was wondering if you know how to check the following items Your local network has the routes and SSL proxy rules it needs to connect. That firewall/proxy administrators to see if any HTTPS inspection is being performed.

Check the below discussion thread which may be of some help: https://access.redhat.com/discussions/5038071

For the error, Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed, use below steps.

Step 1: Go to below directory and change the Proxy settings

vi /etc/rhsm/rhsm.conf

an http proxy server to use

proxy_hostname =proxy.domain.com

port for http proxy server

proxy_port =8080

Note: Proxy Hostname and Port which you are using to connect internet(Here I have used my official proxy).

While registering redhat subscription i am below error, can someone help me to resolve this error.

[root@master ~]# subscription-manager register --username=${user_name} --password=${password} Registering to: subscription.rhsm.redhat.com:443/subscription Username: ******* Password: ******* Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)

Hi Bala,

Check out the suggestions being provided in this discussion.
If nothing helps, contact the Red Hat Customer Service team.
Oh, and edit your post and remove your private mail address. :)

Regards,
Christian

I've solved this issue by setting insecure to true. for some unknown reasons, the file /etc/rhsm/ca/redhat-uep.pem is disappeared after we install "subscription-manager-rhsm-certificates" in CentOS8 (whichever yum and dnf) .

follow the steps below:

vi /etc/rhsm/rhsm.conf

Set to 1 to disable certificate validation:

insecure = 1

CentOS issue: https://bugs.centos.org/view.php?id=17907

Altering insecure in rhsm.conf fixed the issue. vi /etc/rhsm/rhsm.conf

Set to 1 to disable certificate validation: insecure = 1

Anyone landing here,

I found a method that works for this that does not include setting /etc/rhsm.conf to insecure = 1.

In my case, I had to transfer a system from an old satellite server to a new one and performed these steps.

Environment

  • Red Hat system that was on a previous satellite server, and migrating it to a new satellite
  • Current system is subscribed to a Satellite, and needs to be migrated

Issue

  • Received errors with attempts to register such as "subscription-manager register unable to verify server's identity"

Resolution

[root@yourserver] # rpm -qa  | grep katello-ca
katello-ca-consumer-satellitedev1v.your_fqdn.org-1.0-4.noarch
[root@yourserver] # rpm -e katello-ca-consumer-satellitedev1v.your_fqdn.org-1.0-4.noarch
[root@yourserver] # subscription-manager unregister
[root@yourserver] # subscription-manager clean
All local data removed

Important, validate you are doing the next step with the hostname/ip address of your new satellite: The rpm mentioned below will be on the web servers' "/pub" directory under /var/www/html/pub and the "katello-ca-consumer-latest.noarch.rpm" is a symbolic link leading to the most current rpm.

[root@yourserver] # rpm -ivh http://satellitedev2v/pub/katello-ca-consumer-latest.noarch.rpm

Registration goes much easier if you use an "activation key" to assign (from your Satellite server) subscriptions, repositories.

[root@yourserver] # subscription-manager register --org="dev" --activationkey="dev_rhel7_server" --force 

The "--force" above is overkill. The repositories are defined in the activation key on your satellite server where you created it. Recommend going to the Satellite server and check the Web UI for the system to appear in web UI menu of "Hosts >>All Hosts" and if needed, change the Org and Location contexts (at top) to All. If needed, change the location and organization for the host if it did not get put in the proper place.

This is what we used when we had to migrate a system from a previous satellite server we were eliminating after standing up a new satellite. We also had a custom SSL server certificate we got from a Certificate Authority provider on the satellite server.

Regards,
RJ