Bug 102265

Summary: SSL error: certificate verify failed
Product: [Retired] Red Hat Linux
Component: up2date
Version: 8.0
Hardware: i686
OS: Linux
Status: CLOSED WORKSFORME
Severity: low
Priority: medium
Reporter: Frank Mancuso <umbrella>
Assignee: Adrian Likins <alikins>
QA Contact: Fanny Augustin <fmoquete>
CC: gafton, mihai.ibanescu
Doc Type: Bug Fix
Last Closed: 2004-08-23 18:46:27 UTC

Description Frank Mancuso 2003-08-13 01:34:57 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Description of problem:
This is a fresh install of Red Hat 8.0, no GUI installed. When I run up2date it
gave me options and I accepted the default options and hit enter, then it went
into the setup of registration and that's when I got the error.

rpm -q openssl = openssl-0.9.6b-29
rpm -q openssl-devel = openssl-devel-0.9.6b-29
rpm -q up2date = up2date-3.0.7.1-2

There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

Version-Release number of selected component (if applicable):
up2date-3.0.7.1-2

How reproducible:
Didn't try


Additional info:

Comment 1 Mihai Ibanescu 2003-08-13 13:06:10 UTC
Try:

openssl s_client -connect xmlrpc.rhn.redhat.com:443 -CAfile /usr/share/rhn/RHNS-CA-CERT

(on a single line)

The last line produced by the above should read:

    Verify return code: 0 (ok)

If it doesn't, please paste what the error is.
This error generally appears when your system clock is way off (as in off by a
year or two).

Comment 2 Frank Mancuso 2003-08-13 14:47:16 UTC
This is what I get

CONNECTED(00000003)
depth=1 /C=US/ST=North Carolina/L=Research Triangle Park/O=Red Hat, Inc./OU=Red Hat Network Services/CN=RHNS Certificate Authority/Email=rhns
verify return:1
depth=0 /C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=www.rhns.redhat.com/Email=rhn-noc
verify error:num=9:certificate is not yet valid
notBefore=Aug 10 06:50:59 2003 GMT
verify return:1
depth=0 /C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=www.rhns.redhat.com/Email=rhn-noc
notBefore=Aug 10 06:50:59 2003 GMT
verify return:1
---
Certificate chain
 0 s:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=www.rhns.redhat.com/Email=rhn-noc
   i:/C=US/ST=North Carolina/L=Research Triangle Park/O=Red Hat, Inc./OU=Red Hat Network Services/CN=RHNS Certificate Authority/Email=rhns
---
Server certificate
subject=/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=www.rhns.redhat.com/Email=rhn-noc
issuer=/C=US/ST=North Carolina/L=Research Triangle Park/O=Red Hat, Inc./OU=Red Hat Network Services/CN=RHNS Certificate Authority/Email=rhns
---
No client certificate CA names sent
---
SSL handshake has read 1308 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Session-ID: CB2C05958DFE7D8FDC01D4C0595AD629A18FC588AB5679C9B1657B60525E8268
    Session-ID-ctx: 
    Master-Key: 630AD73FD2CF8B9DE302DA9F6CC96F82EE308B35783BA01AC80DC0C1B04F6D804F794E68F490415E65A8773A76C0863F
    Key-Arg   : None
    Start Time: 1054393451
    Timeout   : 300 (sec)
    Verify return code: 9 (certificate is not yet valid)
---

Comment 3 Mihai Ibanescu 2003-08-13 14:52:41 UTC
Certificate not yet valid? :-)

As you can see, the certificate date starts with Aug 10 06:50:59 2003 GMT.
I bet your system date is earlier than that.

Comment 4 Adrian Likins 2004-08-23 18:46:27 UTC
closing (no other reports of this, and the date looks
like a likely culprit, and no further comments)
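
The clock diagnosis from Comments 1 and 3 can be checked from the pasted output alone, because the "Start Time" in the SSL-Session block is the local machine's own clock at handshake time. The following is an added example, not part of the original bug thread or of up2date; the function name `diagnose` is hypothetical, and the sample lines are excerpted from the s_client output in Comment 2.

```python
import re
from datetime import datetime, timezone

# Lines excerpted from the s_client output pasted in Comment 2.
TRANSCRIPT = """\
verify error:num=9:certificate is not yet valid
notBefore=Aug 10 06:50:59 2003 GMT
verify return:1
    Start Time: 1054393451
    Timeout   : 300 (sec)
    Verify return code: 9 (certificate is not yet valid)
"""

def diagnose(transcript):
    """Compare the client's clock (session Start Time) with the cert's notBefore."""
    code = re.search(r"Verify return code: (\d+) \((.*?)\)", transcript)
    start = re.search(r"Start Time: (\d+)", transcript)
    not_before = re.search(r"notBefore=(.+? GMT)", transcript)
    result = {
        "verify_code": int(code.group(1)) if code else None,
        "verify_text": code.group(2) if code else None,
    }
    if start:
        # Epoch seconds taken from the local clock when the session was created.
        result["client_clock"] = datetime.fromtimestamp(
            int(start.group(1)), tz=timezone.utc)
    if not_before:
        result["not_before"] = datetime.strptime(
            not_before.group(1), "%b %d %H:%M:%S %Y GMT"
        ).replace(tzinfo=timezone.utc)
    if "client_clock" in result and "not_before" in result:
        # Positive value: the local clock is earlier than the start of validity.
        result["clock_behind"] = result["not_before"] - result["client_clock"]
        result["clock_is_early"] = result["clock_behind"].total_seconds() > 0
    return result

if __name__ == "__main__":
    r = diagnose(TRANSCRIPT)
    print("verify code :", r["verify_code"], r["verify_text"])
    print("client clock:", r["client_clock"].isoformat())
    print("notBefore   :", r["not_before"].isoformat())
    if r["clock_is_early"]:
        print("local clock is", r["clock_behind"], "before the certificate's notBefore")
```

Run against the Comment 2 output, this shows the reporter's machine believed it was 31 May 2003, roughly ten weeks before the certificate's notBefore date.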