Bug 623470

Summary: Under x86_64, RHEL yum update fails with: Error: certificate verify failed
Product: Red Hat Enterprise Linux 5 Reporter: Forrest Aldrich <faldrich>
Component: yum-rhn-pluginAssignee: Miroslav Suchý <msuchy>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: low    
Version: 5.5CC: slukasik
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-08-13 15:19:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Forrest Aldrich 2010-08-11 20:45:20 UTC 
Description of problem:

We installed 3 new rhel 5.5 systems yesterday; each of which are generating this error " Error: certificate verify failed" in response to a basic "yum update". From what I can gather, via a general search, this may be isolated to x86_64 -- however the references I found were specific to Satellite Server (which we are not using). Never the less, I checked the PATHs for the cert and they are correct.

All of our 32 bit systems are running RHEL 5.5 and this is not a problem on any of them.


Version-Release number of selected component (if applicable):

yum version 3.2.22

How reproducible:

Type "yum update" as root.

Steps to Reproduce:
1.
2.
3.
  
Actual results:

# yum clean all
Loaded plugins: rhnplugin, security
Cleaning up Everything

# yum update
Loaded plugins: rhnplugin, security
rhel-x86_64-server-5                                                                      | 1.4 kB     00:00     
Error: certificate verify failed

Expected results:

Expected successful update with current system patches.

Additional info:
Comment 1 Miroslav Suchý 2010-08-12 08:45:08 UTC 
You are using rhn.redhat.com or satellite?

In other words, can you post output of:
grep serverURL /etc/sysconfig/rhn/up2date
grep sslCACert /etc/sysconfig/rhn/up2date
Comment 2 Forrest Aldrich 2010-08-12 17:53:59 UTC 
We do not use Satellite Server.  This installation image for x86_64 was downloaded directly from the redhat.com site as of 2 days ago.  There were no other changes made.

In reference to the requested info:

# grep serverURL /etc/sysconfig/rhn/up2date

serverURL[comment]=Remote server URL
serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC
disallowConfChanges=noReboot;sslCACert;useNoSSLForPackages;noSSLServerURL;serverURL;disallowConfChanges;


# grep sslCACert /etc/sysconfig/rhn/up2date 

disallowConfChanges=noReboot;sslCACert;useNoSSLForPackages;noSSLServerURL;serverURL;disallowConfChanges;
sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHNS-CA-CERT
Comment 3 Miroslav Suchý 2010-08-13 15:19:28 UTC 
Your settings are indeed correct. But we could not reproduce it. If you are still getting this error, then I would suggest you to contact customer service, which can help you diagnose the problem.
I'm closing this bugzilla as I do not have enough data to reproduce it.