Registering a RHEL system via RHSM through a firewall or proxy fails with 'Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)' error

Solution Verified - Updated -

Issue

Registering a RHEL system via RHSM through a firewall or proxy fails with the following error:

Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)

The following backtrace is logged in /var/log/rhsm/rhsm.log:

2021-12-23 16:48:22,591 [ERROR] dnf:1905:MainThread @repolib.py:358 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
Traceback (most recent call last):
  File "/usr/lib64/python3.6/site-packages/subscription_manager/repolib.py", line 355, in __init__
    self.override_supported = 'content_overrides' in get_supported_resources(uep=None, identity=self.identity)
  File "/usr/lib64/python3.6/site-packages/subscription_manager/utils.py", line 245, in get_supported_resources
    return cache.read_data(uep, identity)
  File "/usr/lib64/python3.6/site-packages/subscription_manager/cache.py", line 906, in read_data
    current_data = self._sync_with_server(uep=uep, consumer_uuid=identity.uuid)
  File "/usr/lib64/python3.6/site-packages/subscription_manager/cache.py", line 1014, in _sync_with_server
    return uep.get_supported_resources()
  File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 990, in get_supported_resources
    self._load_supported_resources()
  File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 978, in _load_supported_resources
    resources_list = self.conn.request_get("/")
  File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 906, in request_get
    return self._request("GET", method, headers=headers, cert_key_pairs=cert_key_pairs)
  File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 932, in _request
    info=info, headers=headers, cert_key_pairs=cert_key_pairs)
  File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 728, in _request
    conn.request(request_type, handler, body=body, headers=final_headers)
  File "/usr/lib64/python3.6/http/client.py", line 1269, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1315, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1264, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1040, in _send_output
    self.send(msg)
  File "/usr/lib64/python3.6/http/client.py", line 978, in send
    self.connect()
  File "/usr/lib64/python3.6/http/client.py", line 1437, in connect
    server_hostname=server_hostname)
  File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
    self.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)

Environment

  • Red Hat Enterprise Linux
  • Red Hat Subscription Management (RHSM)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content