Registering a RHEL system via RHSM through a firewall or proxy fails with 'Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)' error

Solution Verified - Updated -

Issue

  • Registering a RHEL system via RHSM through a firewall or proxy fails with the following error:

    Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)

  • The following backtrace is logged in /var/log/rhsm/rhsm.log:

    2021-12-23 16:48:22,591 [ERROR] dnf:1905:MainThread @repolib.py:358 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
Traceback (most recent call last):
 File "/usr/lib64/python3.6/site-packages/subscription_manager/repolib.py", line 355, in __init__
   self.override_supported = 'content_overrides' in get_supported_resources(uep=None, identity=self.identity)
 File "/usr/lib64/python3.6/site-packages/subscription_manager/utils.py", line 245, in get_supported_resources
   return cache.read_data(uep, identity)
 File "/usr/lib64/python3.6/site-packages/subscription_manager/cache.py", line 906, in read_data
   current_data = self._sync_with_server(uep=uep, consumer_uuid=identity.uuid)
 File "/usr/lib64/python3.6/site-packages/subscription_manager/cache.py", line 1014, in _sync_with_server
   return uep.get_supported_resources()
 File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 990, in get_supported_resources
   self._load_supported_resources()
 File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 978, in _load_supported_resources
   resources_list = self.conn.request_get("/")
 File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 906, in request_get
   return self._request("GET", method, headers=headers, cert_key_pairs=cert_key_pairs)
 File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 932, in _request
   info=info, headers=headers, cert_key_pairs=cert_key_pairs)
 File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 728, in _request
   conn.request(request_type, handler, body=body, headers=final_headers)
 File "/usr/lib64/python3.6/http/client.py", line 1269, in request
   self._send_request(method, url, body, headers, encode_chunked)
 File "/usr/lib64/python3.6/http/client.py", line 1315, in _send_request
   self.endheaders(body, encode_chunked=encode_chunked)
 File "/usr/lib64/python3.6/http/client.py", line 1264, in endheaders
   self._send_output(message_body, encode_chunked=encode_chunked)
 File "/usr/lib64/python3.6/http/client.py", line 1040, in _send_output
   self.send(msg)
 File "/usr/lib64/python3.6/http/client.py", line 978, in send
   self.connect()
 File "/usr/lib64/python3.6/http/client.py", line 1437, in connect
   server_hostname=server_hostname)
 File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
   _context=self, _session=session)
 File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
   self.do_handshake()
 File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
   self._sslobj.do_handshake()
 File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
   self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)

Environment

  • Red Hat Enterprise Linux
  • Red Hat Subscription Management (RHSM)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content