CDS sync fails with error "sslv3 alert certificate expired" due to expired qpid CA certificates on RHUI

Solution Verified - Updated -

Issue

  • Running rhui-manager fails with the following error message:
# rhui-manager status
Traceback (most recent call last):
  File "/usr/bin/rhui-manager", line 16, in <module>
    rhui.tools.launcher.main()
  File "/usr/lib/python2.6/site-packages/rhui/tools/launcher.py", line 341, in main
    cli.run(args)
  File "/usr/lib/python2.6/site-packages/rhui/common/cli.py", line 276, in run
    command_or_section.execute(remaining_args)
  File "/usr/lib/python2.6/site-packages/rhui/common/cli.py", line 117, in execute
    self.method(**arg_dict)
  File "/usr/lib/python2.6/site-packages/rhui/tools/commands/status.py", line 51, in show
    ret_code = self._status(kwargs['--code'])
  File "/usr/lib/python2.6/site-packages/rhui/tools/commands/status.py", line 60, in _status
    cds_instances = self.pulp.cds_with_sync_status()
  File "/usr/lib/python2.6/site-packages/rhui/tools/pulp_api.py", line 556, in cds_with_sync_status
    cds_list = self.cds_list()
  File "/usr/lib/python2.6/site-packages/rhui/tools/pulp_api.py", line 547, in cds_list
    raise e
pulp.client.api.server.ServerRequestError: (None, 'sslv3 alert certificate expired', None)
  • Red Hat Update Infrastructure uses a qpid message broker for internal communications. These communication processes are secured by SSL, which is set up using the /usr/bin/nss-db-gen script on the RHUA server. Unless configured otherwise, the SSL CA certificate for the qpid message broker will expire after fifteen months: twelve months are the default value used by the nss-db-gen script, plus the default three-month expiration provided by /usr/bin/certutil. Once the certificate has expired, the CDS servers will no longer be able to sync content with the RHUA server.

  • CDS sync fails with error sslv3 alert certificate expired due to expired qpid CA certificates on RHUI 2, How to regenerate qpid certificates?

Environment

  • Red Hat Update Infrastructure (RHUI) 2.0 or later

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content