cdn.redhat.com SSL certificate invalid??

Latest response

I'm trying to do some updates via yum.  The updates were failing so I tried a yum search and got the following error:

 

https://cdn.redhat.com/content/dist/rhel/workstation/6/6Workstation/i386/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-6-workstation-rpms. Please verify its path and try again
 

I tried to follow the link in Firefox and also received a warning that the certificate for cdn.redhat.com was invalid because it wasn't issued by a trusted authority.  What's the resolution on this? 

Responses

I've been digging into intermittent problems on cdn.redhat.com the last day or so.  Is this reproducible for you?

 

As to your Firefox error, the CA that signs certificates for cdn.redhat.com does not ship with web browsers.  That's why Firefox thinks it's untrusted.  The subscription-manager tools ship with the trusted CA.  This is unrelated to the "Problem with the SSL CA cert (path? access rights?)" error.

I'm having the same issue, and its reproducible

Could you please provide a temporary fix at least?

Christian,

If you received this message within the past week, it was likely a temporary issue with the Red Hat CDN. If this error is still occurring for you, please contact Red Hat Support.

same for me here:the server'scdn.redhat.com certificate missconfigured!

wget https://cdn.redhat.com/content/beta/layered/rhel8/x86_64/sat-tools/6/os/repodata/repomd.xml

--2020-08-05 02:39:37-- https://cdn.redhat.com/content/beta/layered/rhel8/x86_64/sat-tools/6/os/repodata/repomd.xml Resolving cdn.redhat.com (cdn.redhat.com)... 173.222.212.251 Connecting to cdn.redhat.com (cdn.redhat.com)|173.222.212.251|:443... connected. ERROR: The certificate of ‘cdn.redhat.com’ is not trusted. ERROR: The certificate of ‘cdn.redhat.com’ hasn't got a known issuer.

Was this ever fixed? I get an Access Denied. Thanks.

Hi Shane,

I updated several systems I have directly connected to Red Hat very recently, however not today (February 17th, 2021).

Make sure to do the obvious things of clearing yum cache, validating your subscription-manager status is good for the system. I've seen some examples where Red Hat recommended deregistering a system, and re-adding the repositories. (Please open a case with Red Hat through)

I recommend anyone facing this issue simply open a case directly with Red Hat since there could easily be different possible issues facing different customer scenarios.

Kind Regards,
RJ

Having the same issues on RHEL 8.3.

Hi, cdn.redhat.com is not signed by a general ssl authority (ie it's not in your ca-certificates bundle). The ca cert should reside on your rhel system in /etc/rhsm/ca/redhat-uep.pem or something like that -- check your repository config. There is also a kbase article on the whole thing: https://access.redhat.com/articles/1373143

Dear all,

It is no more possible to update my RHEL test server using YUM, 'cause of an "untrusted cetificate". So, I'm now tryin to install a new 8.5 RHEL Linux server to replace my 8.2 system, but I have the same issue. I cannot update the certificates on the "install in progress" RHEL 8.5 system, so how can I solve that issue ?

Can somebody help as I have no answer from the support, except an "SOS report" request that cannot be generated os far.

Best regards, Jean