Errno 14 problem making ssl connection

Latest response

Hi all, I just did a fresh installation of RHEL 6.3, but I'm having difficulties running yum.  When I run yum update or any other yum command, I receive the following error:

 

Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/cf-tools/1/os/repodata/repomd.xml: [Errno 14] problem making ssl connection
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-6-server-cf-tools-1-rpms. Please verify its path and try again
 

Any ideas?

Responses

Hi Richard,

 

Check firewall settings within the network and system. I believe it seems some where firewall causing the problem. Are you using proxy? then check the connectivity between the HTTP proxy machine and the Internet.

 

I hope it helps.

 

Regards,

Anand

Thanks for the quick reply, Anand.  I changed SELINUX to permissive (from enforcing) and disabled iptables, but still no luck.  I also tried using curl, which appears to connect ok, but maybe the problem is with a certificate?

 

[root@myServer ~]# curl -v --key /etc/pki/entitlement/5288257374715728121-key.pem --cert /etc/pki/entitlement/5288257374715728121.pem -k https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/cf-tools/1/os/repodata/repomd.xml
* About to connect() to cdn.redhat.com port 443 (#0)
*   Trying 184.51.36.251... connected
* Connected to cdn.redhat.com (184.51.36.251) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* NSS: client certificate not found: /etc/pki/entitlement/5288257374715728121.pem
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
*       subject: CN=cdn.redhat.com,OU=IT,O="Red Hat, Inc.",L=Raleigh,ST=NORTH CAROLINA,C=US
*       start date: Jul 19 16:16:14 2010 GMT
*       expire date: Jul 16 16:16:14 2020 GMT
*       common name: cdn.redhat.com
*       issuer: E=ca-support@redhat.com,CN=Red Hat Entitlement Operations Authority,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US
> GET /content/dist/rhel/server/6/6Server/x86_64/cf-tools/1/os/repodata/repomd.xml HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: cdn.redhat.com
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Server: AkamaiGHost
< Mime-Version: 1.0
< Content-Type: text/html
< Content-Length: 395
< Expires: Tue, 27 Nov 2012 23:24:32 GMT
< Date: Tue, 27 Nov 2012 23:24:32 GMT
< X-Cache: TCP_DENIED from a209-8-112-124.deploy.akamaitechnologies.com (AkamaiGHost/6.9.5-10056421) (-)
< Connection: keep-alive
< X-Akamai-Request-ID: 2d6acb17
<
<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>

You don't have permission to access "http&#58;&#47;&#47;cdn&#46;redhat&#46;com&#47;content&#47;dist&#47;rhel&#47;server&#47;6&#47;6Server&#47;x86&#95;64&#47;cf&#45;tools&#47;1&#47;os&#47;repodata&#47;repomd&#46;xml" on this server.<P>
Reference&#32;&#35;18&#46;7c7008d1&#46;1354058672&#46;2d6acb17
</BODY>
</HTML>
* Connection #0 to host cdn.redhat.com left intact
* Closing connection #0
 

Hi Richard,

 

Thanks for the curl output. 

 

HTTP/1.1 403 Forbidden
< Server: AkamaiGHost
< Mime-Version: 1.0
< Content-Type: text/html
< Content-Length: 395
< Expires: Tue, 27 Nov 2012 23:24:32 GMT
< Date: Tue, 27 Nov 2012 23:24:32 GMT
< X-Cache: TCP_DENIED from a209-8-112-124.deploy.akamaitechnologies.com (AkamaiGHost/6.9.5-10056421) (-)
< Connection: keep-alive
< X-Akamai-Request-ID: 2d6acb17
<
<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1> You don't have permission to access

 

It seems access to the resource identified by the URL is  forbidden. I believe this is due to the below issue.

 

How do I disable Location Aware Updates with Red Hat Subscription Management?

https://access.redhat.com/knowledge/solutions/59586

 

Give it a try and report back the results.

 

Regards,

Anand

Hi Anand,

 

Where do I include these CIDR entries?  I am using a Cisco RV180W router, but I couldn't find anywhere to include the entries referenced in the link you provided.

 

Thanks,

 

Richard

Hi Richard,

 

Even I am not sure about how to configure on Cisco RV180W route. May be your network team can help?

 

Here are are little more details.

 

How do I configure my firewall so that I can access the Red Hat Subscription Manager (RHSM) and Red Hat Network (RHN)?

https://access.redhat.com/knowledge/solutions/65300

 

If its urgent then un-register from certificate-based RHN and register to RHN classic, that should resolve your issue temporarily.

 

Regards,

Anand

Hi Anand,

 

Switching over to RHN classic did the trick.  Thanks for your help.

 

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.