Bug 102265
Summary: | SSL error: certificate verify failed | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Frank Mancuso <umbrella> |
Component: | up2date | Assignee: | Adrian Likins <alikins> |
Status: | CLOSED WORKSFORME | QA Contact: | Fanny Augustin <fmoquete> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 8.0 | CC: | gafton, mihai.ibanescu |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-08-23 18:46:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Frank Mancuso
2003-08-13 01:34:57 UTC
Try: openssl s_client -connect xmlrpc.rhn.redhat.com:443 -CAfile /usr/share/rhn/RHNS-CA-CERT (on a single line) The last line produced by the above should read: Verify return code: 0 (ok) If it doesn't, please paste what the error is. This error generally appears when your system clock is way off (as in off by a year or two). This is what I get CONNECTED(00000003) depth=1 /C=US/ST=North Carolina/L=Research Triangle Park/O=Red Hat, Inc./OU=Red Hat Network Services/CN=RHNS Certificate Authority/Email=rhns verify return:1 depth=0 /C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=www.rhns.redhat.com/Email=rhn-noc verify error:num=9:certificate is not yet valid notBefore=Aug 10 06:50:59 2003 GMT verify return:1 depth=0 /C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=www.rhns.redhat.com/Email=rhn-noc notBefore=Aug 10 06:50:59 2003 GMT verify return:1 --- Certificate chain 0 s:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=www.rhns.redhat.com/Email=rhn-noc i:/C=US/ST=North Carolina/L=Research Triangle Park/O=Red Hat, Inc./OU=Red Hat Network Services/CN=RHNS Certificate Authority/Email=rhns --- Server certificate -----BEGIN CERTIFICATE----- MIIEfjCCA+egAwIBAgIBKDANBgkqhkiG9w0BAQQFADCBxzELMAkGA1UEBhMCVVMx FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMR8wHQYDVQQHExZSZXNlYXJjaCBUcmlh bmdsZSBQYXJrMRYwFAYDVQQKEw1SZWQgSGF0LCBJbmMuMSEwHwYDVQQLExhSZWQg SGF0IE5ldHdvcmsgU2VydmljZXMxIzAhBgNVBAMTGlJITlMgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9yaG5zQHJlZGhhdC5jb20wHhcNMDMw ODEwMDY1MDU5WhcNMDQwODA5MDY1MDU5WjCBqzELMAkGA1UEBhMCVVMxFzAVBgNV BAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1S ZWQgSGF0LCBJbmMuMRgwFgYDVQQLEw9SZWQgSGF0IE5ldHdvcmsxHDAaBgNVBAMT E3d3dy5yaG5zLnJlZGhhdC5jb20xITAfBgkqhkiG9w0BCQEWEnJobi1ub2NAcmVk aGF0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2+R2Sr7c6Zm0hqhA VkVJnAmOSBArcaJwtI0nf9nVfVZoCaeI+rIyvDhBC4A7D2dv1stBoe8Cp+LKseJ2 xfqVypXRWkKh59NvQY80ZUX3V1RQgNURc2U8XJuQ/aWR0G7syrs188M+gBRHxQIE J/DcSdPb1Y5etRu5jEFUWC68vfcCAwEAAaOCAZIwggGOMAkGA1UdEwQCMAAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEGCWCGSAGG+EIBAQQEAwIGQDAL BgNVHQ8EBAMCBaAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl cnRpZmljYXRlMB0GA1UdDgQWBBSluuIj4jiGUO0wP9l50G+b6QbVnDCB9AYDVR0j BIHsMIHpgBRUFc2fLPfsDR/SqL5MB6yIPvubCqGBzaSByjCBxzELMAkGA1UEBhMC VVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMR8wHQYDVQQHExZSZXNlYXJjaCBU cmlhbmdsZSBQYXJrMRYwFAYDVQQKEw1SZWQgSGF0LCBJbmMuMSEwHwYDVQQLExhS ZWQgSGF0IE5ldHdvcmsgU2VydmljZXMxIzAhBgNVBAMTGlJITlMgQ2VydGlmaWNh dGUgQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9yaG5zQHJlZGhhdC5jb22CAQAw DQYJKoZIhvcNAQEEBQADgYEAi4sWBvreFeIP4/sF162IbWVd8Y2fNJa278xYHq6K cjFJgNR7fUHF4j5f7luohmOG2z6lCtjVJL8+8JLqVCQ1HU2488AJrye05lfzP3mz MQrvo9R1PbflXM7yCsH3QSGpSpI3IuEwy+cpG472P2AsDLB2vkX1ye2GEP0ya5b2 6cM= -----END CERTIFICATE----- subject=/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=www.rhns.redhat.com/Email=rhn-noc issuer=/C=US/ST=North Carolina/L=Research Triangle Park/O=Red Hat, Inc./OU=Red Hat Network Services/CN=RHNS Certificate Authority/Email=rhns --- No client certificate CA names sent --- SSL handshake has read 1308 bytes and written 314 bytes --- New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : DES-CBC3-SHA Session-ID: CB2C05958DFE7D8FDC01D4C0595AD629A18FC588AB5679C9B1657B60525E8268 Session-ID-ctx: Master-Key: 630AD73FD2CF8B9DE302DA9F6CC96F82EE308B35783BA01AC80DC0C1B04F6D804F794E68F490415E 65A8773A76C0863F Key-Arg : None Start Time: 1054393451 Timeout : 300 (sec) Verify return code: 9 (certificate is not yet valid) --- Certificate not yet valid? :-) As you can see, the certificate date starts with Aug 10 06:50:59 2003 GMT I bet your system date is earlier than that. closing (no other reports of this, and the date looks like a likely culprit, and no further comments) |