System connection to RHN fails with "The certificate is expired", or "certificate verify failed" errors

Updated 2015-04-01T08:43:20+00:00

Issue

  • Systems running RHEL 5 report the following error when using yum or trying to register the system with RHN:

    "The certificate is expired. Please ensure you have the correct certificate and you system time is correct."
    
  • The cron job for rhn-virtualization-host generates the following message:

    up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The certificate is expired. Please ensure you have the correct certificate and your system time is correct.
    
  • rhn_check fails with error similar to:

    [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
    
  • ssl certificate failed verification messages appear in the log every 2 seconds

  • Cannot install or update software packages via yum, which returns the following error:

    up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The certificate is expired. Please ensure you have the correct certificate and your system time is correct.
    
  • rhn_register fails with the error :

    rhn_register ERROR: can not find RHNS CA file: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
    The certificate /usr/share/rhn/RHNS-CA-CERT is expired. Please ensure you have the correct certificate and your system time is correct.
    

Environment

  • Red Hat Enterprise Linux (RHEL) 5.4 or earlier
  • Red Hat Network (RHN) Classic
  • rhn-client-tools of a version prior to 0.4.19-17.el5_3.1 (RHEL5.3 Advanced mission critical only)
  • rhn-client-tools of a version prior to 0.4.20-33.el5 (RHEL5)
  • up2date of a version prior to 4.9.1-30.el4 (RHEL4)
  • up2date of a version prior to 4.5.5-18.el3 (RHEL3)

Subscriber content preview. For full access to the Red Hat Knowledgebase, please log in.

Not a subscriber? Learn more about the benefits of Red Hat Subscriptions.