Subscription Management (and DNF) through SSL Inspection

Posted on

Has anyone managed to get subscription-management or dnf working (on RHEL8) through a firewall doing SSL inspection?

I've installed our root cert, and curl works fine - but following this solution's troubleshooting doesn't, as it specifies a specific CA cert. It goes on to say simply disable SSL inspection - but unfortunately there's some security push-back given the scope of the URLs that it's requesting (* and * specifically).

Have tried insecure = 1 in rhsm.conf, no dice.

[root@rheltest ~]# subscription-manager register --username xxx --password yyy --auto-attach;
Registering to:
Unable to verify server's identity: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:897)

Appreciate any insight on this.