cdn.redhat.com SSL certificate invalid??

I'm trying to do some updates via yum.  The updates were failing so I tried a yum search and got the following error:

 

https://cdn.redhat.com/content/dist/rhel/workstation/6/6Workstation/i386/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-6-workstation-rpms. Please verify its path and try again
 

I tried to follow the link in Firefox and also received a warning that the certificate for cdn.redhat.com was invalid because it wasn't issued by a trusted authority.  What's the resolution on this? 

Responses

I've been digging into intermittent problems on cdn.redhat.com the last day or so.  Is this reproducible for you?

 

As to your Firefox error, the CA that signs certificates for cdn.redhat.com does not ship with web browsers.  That's why Firefox thinks it's untrusted.  The subscription-manager tools ship with the trusted CA.  This is unrelated to the "Problem with the SSL CA cert (path? access rights?)" error.

I'm having the same issue, and it's reproducible.

Could you please provide a temporary fix at least?

Christian,

If you received this message within the past week, it was likely a temporary issue with the Red Hat CDN. If this error is still occurring for you, please contact Red Hat Support.

Same for me here: the server's cdn.redhat.com certificate misconfigured!

wget https://cdn.redhat.com/content/beta/layered/rhel8/x86_64/sat-tools/6/os/repodata/repomd.xml

--2020-08-05 02:39:37-- https://cdn.redhat.com/content/beta/layered/rhel8/x86_64/sat-tools/6/os/repodata/repomd.xml
Resolving cdn.redhat.com (cdn.redhat.com)... 173.222.212.251
Connecting to cdn.redhat.com (cdn.redhat.com)|173.222.212.251|:443... connected.
ERROR: The certificate of ‘cdn.redhat.com’ is not trusted.
ERROR: The certificate of ‘cdn.redhat.com’ hasn't got a known issuer.

Was this ever fixed? I get an Access Denied. Thanks.

Hi Shane,

I updated several systems I have directly connected to Red Hat very recently, however not today (February 17th, 2021).

Make sure to do the obvious things of clearing yum cache, validating your subscription-manager status is good for the system. I've seen some examples where Red Hat recommended deregistering a system, and re-adding the repositories. (Please open a case with Red Hat through)

I recommend anyone facing this issue simply open a case directly with Red Hat since there could easily be different possible issues facing different customer scenarios.

Kind Regards,
RJ

Having the same issues on RHEL 8.3.

Hi, cdn.redhat.com is not signed by a general SSL authority (i.e. it's not in your ca-certificates bundle). The CA cert should reside on your RHEL system in /etc/rhsm/ca/redhat-uep.pem or something like that -- check your repository config. There is also a kbase article on the whole thing: https://access.redhat.com/articles/1373143

Dear all,

It is no longer possible to update my RHEL test server using YUM, because of an "untrusted certificate". So, I'm now trying to install a new 8.5 RHEL Linux server to replace my 8.2 system, but I have the same issue. I cannot update the certificates on the "install in progress" RHEL 8.5 system, so how can I solve that issue?

Can somebody help, as I have no answer from the support, except an "SOS report" request that cannot be generated so far.

Best regards, Jean

Getting same issue, have any solution?

[root@localhost ~]# yum install bind
Updating Subscription Management repositories.
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 0.0 B/s | 0 B 00:01
Errors during downloading metadata for repository 'rhel-8-for-x86_64-appstream-rpms':
  - Curl error (91): SSL server certificate status verification FAILED for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/repomd.xml [OCSP response has expired]
Error: Failed to download metadata for repo 'rhel-8-for-x86_64-appstream-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

In your case, it seems it is related to this bug https://bugzilla.redhat.com/show_bug.cgi?id=2131094. Solution: https://access.redhat.com/solutions/6978398

This command works for me.

OCSP stapling can be disabled using the following:

$ REPOS=$(awk '/^\[/ {gsub(/[\[\]]/, "", $0); printf("--repo %s ", $0)}' /etc/yum.repos.d/redhat.repo)
$ sudo subscription-manager repo-override --add sslverifystatus:0 $REPOS

The above can be reverted (following stabilization of the system clock) using the command below, assuming there are no other repo-overrides present:

$ sudo subscription-manager repo-override --remove-all
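
A read-only check for the two conditions raised in this thread: a CA file named by `sslcacert` that is missing or unreadable (the "path? access rights?" error), and repos left with `sslverifystatus` or `sslverify` switched off after the workaround above. This is an added example, not from any poster or from Red Hat; the function names, finding labels, sample repo ids and paths are constructed for illustration.

```shell
# Added example: audit the TLS settings of each section in a yum/dnf .repo file.
# Prints "<repo-id> <FINDING> <detail>" per problem; returns 1 if any was found.
audit_repo_tls() {
    [ -r "$1" ] || { echo "- REPO_FILE_UNREADABLE $1"; return 2; }
    # Flatten the INI file into "repo-id key value" records.
    awk '
        /^[ \t]*[#;]/ { next }    # skip comment lines
        /^\[.*\]/ { id = $0; gsub(/^\[|\].*$/, "", id); next }
        id != "" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            print id, key, val
        }' "$1" | (
        rc=0
        while read -r id key val; do
            case $key in
            sslcacert)    # the "path? access rights?" checks
                if   [ ! -e "$val" ]; then echo "$id CA_MISSING $val"; rc=1
                elif [ ! -r "$val" ]; then echo "$id CA_UNREADABLE $val"; rc=1
                elif ! grep -q 'BEGIN CERTIFICATE' "$val"; then echo "$id CA_NOT_PEM $val"; rc=1
                fi ;;
            sslverify|sslverifystatus)    # verification switched off
                case $val in 0|no|false|False) echo "$id ${key}_DISABLED $val"; rc=1 ;; esac ;;
            esac
        done
        exit "$rc" )
}

# Constructed sample (hypothetical repo ids and paths) in a temp directory.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' '-----END CERTIFICATE-----' > "$d/ca.pem"
    cat > "$d/sample.repo" <<EOF
[repo-ok]
sslverify = 1
sslcacert = $d/ca.pem
[repo-missing-ca]
sslcacert = $d/absent.pem
[repo-ocsp-off]
sslcacert = $d/ca.pem
sslverifystatus = 0
EOF
    echo "$d/sample.repo"
}

sample=$(make_sample)
audit_repo_tls "$sample" || true   # demo run on the sample; prints two findings
rm -rf "${sample%/*}"
```

On a registered host, the same function can be pointed at /etc/yum.repos.d/redhat.repo; it only reads the file and the CA paths it names.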