CDS sync fails with error "sslv3 alert certificate expired" due to expired qpid CA certificates on RHUI

Solution Verified - Updated -


  • Running rhui-manager fails with the following error message:
# rhui-manager status
Traceback (most recent call last):
  File "/usr/bin/rhui-manager", line 16, in <module>
  File "/usr/lib/python2.6/site-packages/rhui/tools/", line 341, in main
  File "/usr/lib/python2.6/site-packages/rhui/common/", line 276, in run
  File "/usr/lib/python2.6/site-packages/rhui/common/", line 117, in execute
  File "/usr/lib/python2.6/site-packages/rhui/tools/commands/", line 51, in show
    ret_code = self._status(kwargs['--code'])
  File "/usr/lib/python2.6/site-packages/rhui/tools/commands/", line 60, in _status
    cds_instances = self.pulp.cds_with_sync_status()
  File "/usr/lib/python2.6/site-packages/rhui/tools/", line 556, in cds_with_sync_status
    cds_list = self.cds_list()
  File "/usr/lib/python2.6/site-packages/rhui/tools/", line 547, in cds_list
    raise e
pulp.client.api.server.ServerRequestError: (None, 'sslv3 alert certificate expired', None)
  • Red Hat Update Infrastructure uses a qpid message broker for internal communications. These communications are secured by SSL, which is set up using the /usr/bin/nss-db-gen script on the RHUA server. Unless configured otherwise, the SSL CA certificate for the qpid message broker expires after fifteen months: twelve months is the default value used by the nss-db-gen script, to which /usr/bin/certutil adds its default three-month validity period. Once the certificate has expired, the CDS servers can no longer sync content with the RHUA server.

  • CDS sync fails with the error "sslv3 alert certificate expired" due to expired qpid CA certificates on RHUI 2. How can the qpid certificates be regenerated?


  • Red Hat Update Infrastructure (RHUI) 2.0 or later
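
The fifteen-month lifetime described above can be monitored so that the expiry is caught before CDS sync breaks. The following is an added example, not code from Red Hat or RHUI: it parses the validity block printed by certutil -L -n <nickname> and classifies the certificate. The NSS database directory, the certificate nickname, the 60-day warning threshold and the sample output are assumptions or constructed values, and the timestamps are compared as printed.

```python
import re
import subprocess
from datetime import datetime, timedelta

# certutil prints validity as e.g. "Not After : Thu Jun 05 15:22:31 2014"
VALIDITY_RE = re.compile(r"^\s*Not (Before|After)\s*:\s*(.+?)\s*$", re.M)
TIME_FMT = "%a %b %d %H:%M:%S %Y"

def parse_validity(certutil_text):
    """Return (not_before, not_after) from `certutil -L -n <nick>` output."""
    found = {}
    for kind, stamp in VALIDITY_RE.findall(certutil_text):
        found.setdefault(kind, datetime.strptime(stamp, TIME_FMT))
    if "Before" not in found or "After" not in found:
        raise ValueError("no validity block in certutil output")
    return found["Before"], found["After"]

def expiry_status(certutil_text, now, warn_days=60):
    """Classify as OK, WARN or EXPIRED; also return whole days remaining."""
    _, not_after = parse_validity(certutil_text)
    remaining = not_after - now
    if remaining <= timedelta(0):
        return "EXPIRED", remaining.days
    if remaining <= timedelta(days=warn_days):
        return "WARN", remaining.days
    return "OK", remaining.days

def read_cert(db_dir, nickname):
    """Dump one certificate from an NSS database (needs certutil installed).
    db_dir and nickname are site-specific; the page does not state them."""
    return subprocess.check_output(
        ["certutil", "-L", "-d", db_dir, "-n", nickname]).decode()

# Constructed sample: a CA issued 2013-03-05 with the fifteen-month lifetime.
SAMPLE = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Issuer: "CN=example-qpid-ca"
        Validity:
            Not Before: Tue Mar 05 15:22:31 2013
            Not After : Thu Jun 05 15:22:31 2014
        Subject: "CN=example-qpid-ca"
"""

if __name__ == "__main__":
    for when in (datetime(2013, 9, 1), datetime(2014, 5, 1), datetime(2014, 7, 1)):
        print(when.date(), expiry_status(SAMPLE, when))
```

Run from cron on the RHUA with the output of read_cert() in place of SAMPLE, a WARN result leaves time to regenerate the qpid certificates before the CDS servers start rejecting the connection.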
