Registering a Red Hat Enterprise Linux system through Blue Coat Proxy

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL)
  • Third-party proxy:
    • Blue Coat Systems ProxySG
    • Symantec ProxySG and Advanced Secure Gateway (ASG)

Issue

  • Proxy directives not correctly set.
  • How to configure Blue Coat to disable certificate validation for Red Hat Customer Portal?
  • After updating Blue Coat proxy, it is not possible to update the system anymore:

    # yum update
    Loaded plugins: enabled_repos_upload, package_upload, product-id, search-disabled-repos, subscription-
                  : manager, vdsmupgrade
    https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
    Trying other mirror.
    It was impossible to connect to the Red Hat servers.
    This could mean a connectivity issue in your environment, such as the requirement to configure a proxy,
    or a transparent proxy that tampers with TLS security, or an incorrect system clock.
    Please collect information about the specific failure that occurs in your environment,
    using the instructions in: https://access.redhat.com/solutions/1527033 and open a ticket with Red Hat Support
    

Resolution


Disclaimer: The following information has been provided by Red Hat, but is outside the scope of the posted Service Level Agreements and support procedures. The information is provided as-is and any configuration settings or installed applications made from the information in this article could make the Operating System unsupported by Red Hat Global Support Services. The intent of this article is to provide information to accomplish the system's needs. Use of the information in this article is at the user's own risk.

Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.


Third-party software is unsupported by Red Hat. Consult the software vendor's (Symantec) documentation or contact their support for further instructions.

Add the following directive to the Blue Coat proxy to disable certificate validation for traffic to the domain redhat.com:

    <proxy>
    url.domain="redhat.com" server.certificate.validate(no)

Root Cause

The Blue Coat proxy was attempting to validate the SSL connection, which resulted in an SSL handshake failure.

Diagnostic Steps

The subscription-manager command output:

    [root@broken ~]# subscription-manager register --auto-attach --username=proxy_man --password=proxy_pass

    sslv3 alert handshake failure
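
To tell the two failures shown on this page apart, the following added example (not part of the original Red Hat solution) classifies saved `openssl s_client` output by which CA issued the certificate the client actually received. The sample excerpts and issuer names are constructed, and the expected-issuer substring is an assumption to replace with the CA your client trusts for cdn.redhat.com.

```shell
#!/bin/sh
# Added example, not from the original article. Classifies saved output of:
#   openssl s_client -connect cdn.redhat.com:443 -proxy PROXY_HOST:PORT </dev/null
# (-proxy needs OpenSSL 1.1.0 or later; PROXY_HOST:PORT is a placeholder).

# Print the issuer DN of the server certificate from s_client text on stdin.
issuer_of() { sed -n 's/^issuer= *//p' | head -n 1; }

# Print the numeric "Verify return code" from s_client text on stdin.
verify_code_of() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# classify_session EXPECTED_ISSUER_SUBSTRING < s_client_output
#   trusted       expected issuer and the client verified the chain
#   untrusted     expected issuer, but the client could not verify the chain
#   intercepted   another CA signed the certificate, as a TLS-inspecting proxy does
#   no-handshake  no certificate received (for example "alert handshake failure")
classify_session() {
    expected=$1
    out=$(cat)
    issuer=$(printf '%s\n' "$out" | issuer_of)
    code=$(printf '%s\n' "$out" | verify_code_of)
    if [ -z "$issuer" ]; then echo no-handshake; return 0; fi
    case $issuer in
        *"$expected"*)
            if [ "$code" = 0 ]; then echo trusted; else echo untrusted; fi ;;
        *) echo intercepted ;;
    esac
}

# Constructed s_client excerpts; every issuer name here is made up.
SAMPLE_DIRECT='subject=CN = cdn.redhat.com
issuer=O = Example Upstream CA, CN = Example Issuing CA
    Verify return code: 0 (ok)'
SAMPLE_PROXY='subject=CN = cdn.redhat.com
issuer=O = Example Corp, CN = Example Proxy Inspection CA
    Verify return code: 20 (unable to get local issuer certificate)'
SAMPLE_ALERT='sslv3 alert handshake failure
no peer certificate available'

# Demo run over the constructed samples: trusted, intercepted, no-handshake.
for s in "$SAMPLE_DIRECT" "$SAMPLE_PROXY" "$SAMPLE_ALERT"; do
    printf '%s\n' "$s" | classify_session 'Example Upstream CA'
done
```

An `intercepted` result corresponds to the "Peer's Certificate issuer is not recognized" case, where the client received a certificate re-signed by the proxy; `no-handshake` corresponds to the "sslv3 alert handshake failure" case, where the handshake was aborted before any certificate reached the client.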

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
