Getting SSL error when trying to run satellite-sync or while activating a satellite certificate

Solution Verified - Updated -

Environment

  • Red Hat Satellite
  • Satellite-sync

Issue

  • Satellite certificate activation fails with Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
  • satellite-sync fails with following error :
02:46:23 Red Hat Network Satellite - live synchronization
02:46:23    url: https://satellite.rhn.redhat.com
02:46:23    debug/output level: 1
ERROR: there was a problem synchronizing the information.
       Error message: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

Resolution

  • Verify that /etc/rhn/rhn.conf file has the correct hostname specified in the server.satellite.rhn_parent field as mentioned below: 
traceback_mail = root@localhost.com
mount_point = /var/satellite
kickstart_mount_point = /var/satellite
repomd_cache_mount_point = /var/cache 
server.satellite.rhn_parent = satellite.rhn.redhat.com           <-------

  • Other hostnames such as rhn.redhat.com or xmlrpc.rhn.redhat.com may have worked in the past, but should no longer be used.

  • Confirm whether proxy or firewall is not blocking the communication between RHN and Satellite Server.

  • Edit /etc/sysconfig/rhn/up2date file and change serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC to serverURL=http://xmlrpc.rhn.redhat.com/XMLRPC (removed 's' from https) and also add useNoSSLForPackages=1 and save the file

  • Upgrade/re-install rhn-client-tools package

  • Disable Location Aware Update

Root Cause

  • Under /etc/rhn/rhn.conf server.satellite.rhn_parent should point to satellite.rhn.redhat.com.

Diagnostic Steps

  • If a proxy is being used when running satellite sync double check that is is functional:
   # nc -v -w2 -x proxy_address[:port] satellite.rhn.redhat.com 80
   # nc -v -w2 -x proxy_address[:port] satellite.rhn.redhat.com 443

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.