SSL certificate invalid??

Latest response

I'm trying to do some updates via yum.  The updates were failing so I tried a yum search and got the following error: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-6-workstation-rpms. Please verify its path and try again

I tried to follow the link in Firefox and also received a warning that the certificate for was invalid because it wasn't issued by a trusted authority.  What's the resolution on this? 


I've been digging into intermittent problems on the last day or so.  Is this reproducible for you?


As to your Firefox error, the CA that signs certificates for does not ship with web browsers.  That's why Firefox thinks it's untrusted.  The subscription-manager tools ship with the trusted CA.  This is unrelated to the "Problem with the SSL CA cert (path? access rights?)" error.

I'm having the same issue, and its reproducible

Could you please provide a temporary fix at least?


If you received this message within the past week, it was likely a temporary issue with the Red Hat CDN. If this error is still occurring for you, please contact Red Hat Support.

same for me here:the server' certificate missconfigured!


--2020-08-05 02:39:37-- Resolving ( Connecting to (||:443... connected. ERROR: The certificate of ‘’ is not trusted. ERROR: The certificate of ‘’ hasn't got a known issuer.

Was this ever fixed? I get an Access Denied. Thanks.

Hi Shane,

I updated several systems I have directly connected to Red Hat very recently, however not today (February 17th, 2021).

Make sure to do the obvious things of clearing yum cache, validating your subscription-manager status is good for the system. I've seen some examples where Red Hat recommended deregistering a system, and re-adding the repositories. (Please open a case with Red Hat through)

I recommend anyone facing this issue simply open a case directly with Red Hat since there could easily be different possible issues facing different customer scenarios.

Kind Regards,

Having the same issues on RHEL 8.3.

Hi, is not signed by a general ssl authority (ie it's not in your ca-certificates bundle). The ca cert should reside on your rhel system in /etc/rhsm/ca/redhat-uep.pem or something like that -- check your repository config. There is also a kbase article on the whole thing:

Dear all,

It is no more possible to update my RHEL test server using YUM, 'cause of an "untrusted cetificate". So, I'm now tryin to install a new 8.5 RHEL Linux server to replace my 8.2 system, but I have the same issue. I cannot update the certificates on the "install in progress" RHEL 8.5 system, so how can I solve that issue ?

Can somebody help as I have no answer from the support, except an "SOS report" request that cannot be generated os far.

Best regards, Jean

Getting same issue have any solution , [root@localhost ~]# yum install bind Updating Subscription Management repositories. Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 0.0 B/s | 0 B 00:01 Errors during downloading metadata for repository 'rhel-8-for-x86_64-appstream-rpms': - Curl error (91): SSL server certificate status verification FAILED for [OCSP response has expired] Error: Failed to download metadata for repo 'rhel-8-for-x86_64-appstream-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

In your case, it seems it is related to this bug Solution:

This command work for me.

OCSP stapling can be disabled using the following:

$ REPOS=$(awk '/^[/ {gsub(/[[]]/, "", $0); printf("--repo %s ", $0)}' /etc/yum.repos.d/redhat.repo) $ sudo subscription-manager repo-override --add sslverifystatus:0 $REPOS

The above can be reverted (following stabilization of the system clock) using the command below, assuming there are no other repo-overrides present:

$ sudo subscription-manager repo-override --remove-all