Why does yum fail with error Peer's certificate issuer has been marked as not trusted by the user?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 7
  • yum

Issue

  • yum fails with the following error:

    curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."
    

Resolution

  • For yum to work fully, allow the following hostnames/ports on the outgoing network firewall:

    subscription.rhn.redhat.com:443 [https]
    cdn.redhat.com:443 [https]
    *.akamaiedge.net:443 [https]
    
  • Add Red Hat's CA certificate to the external firewall's certificates so that outgoing traffic from yum is allowed.

    • Red Hat's certificate file is redhat-uep.pem, which can be found at /etc/rhsm/ca/redhat-uep.pem

Root Cause

  • The firewall's self-signed certificate was replacing Red Hat's redhat-uep.pem certificate with its own when the server tried to contact the Content Delivery Network (CDN) via yum, and the connection was in turn denied as not trusted.

Diagnostic Steps

  • Capture the output of the openssl command below and check whether the CA certificate /etc/rhsm/ca/redhat-uep.pem is being replaced by the firewall's certificate, which leads to the error.

    # openssl s_client -connect cdn.redhat.com:443 -CAfile /etc/rhsm/ca/redhat-uep.pem
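
One way to read the output of that command is shown below. This is an added example, not part of the original solution: the function names and both sample transcripts are constructed, and the issuer names in them are placeholders rather than real Red Hat values.

```shell
#!/bin/sh
# Added example, not from the original article: classify the output of
#   openssl s_client -connect cdn.redhat.com:443 -CAfile /etc/rhsm/ca/redhat-uep.pem
# Live use: append "</dev/null 2>/dev/null | classify_handshake" to that command.
# Function names and both sample transcripts are constructed for illustration.

# Reads s_client output on stdin; prints "<status> code=<n> issuer=<dn>".
classify_handshake() (
    out=$(cat)
    # Chain validation result: "Verify return code: N (text)".
    code=$(printf '%s\n' "$out" | sed -n 's/^[[:space:]]*Verify return code: \([0-9]\{1,\}\).*/\1/p' | head -n 1)
    # First "issuer=" line: who signed the certificate the peer presented.
    issuer=$(printf '%s\n' "$out" | sed -n 's/^issuer=[[:space:]]*//p' | head -n 1)
    case "$code" in
        0)           echo "TRUSTED code=0 issuer=$issuer" ;;
        # 18/19: self-signed certificate; 20/21: issuer not found in the CA file.
        18|19|20|21) echo "UNTRUSTED_ISSUER code=$code issuer=$issuer" ;;
        "")          echo "NO_RESULT code=none issuer=none" ;;
        *)           echo "OTHER_FAILURE code=$code issuer=$issuer" ;;
    esac
)

sample_direct() {   # constructed: chain verifies against the CA file
cat <<'EOF'
CONNECTED(00000003)
---
subject=/O=Example Vendor/CN=cdn.example.test
issuer=/O=Example Vendor/CN=Example Entitlement CA
---
    Verify return code: 0 (ok)
EOF
}

sample_replaced() { # constructed: an inspecting firewall re-signed the session
cat <<'EOF'
CONNECTED(00000003)
---
subject=/CN=cdn.example.test
issuer=/O=Example Corp/CN=Example Firewall Inspection CA
---
    Verify return code: 19 (self signed certificate in certificate chain)
EOF
}

for s in sample_direct sample_replaced; do
    printf '%s: %s\n' "$s" "$("$s" | classify_handshake)"
done
```

An UNTRUSTED_ISSUER result whose issuer names the firewall rather than Red Hat matches the root cause described above; NO_RESULT means the TLS handshake never completed, which points at blocked hostnames/ports instead.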
    
Component

  • yum

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

1 Comments

In this case, our proxy is not intercepting the certificate.