Bug 102059 - Expired ceritificate on xmlrpc.rhn.redhat.com fails up2date
Expired ceritificate on xmlrpc.rhn.redhat.com fails up2date
Product: Red Hat Linux
Classification: Retired
Component: up2date (Show other bugs)
i686 Linux
high Severity high
: ---
: ---
Assigned To: Adrian Likins
Fanny Augustin
Depends On:
  Show dependency treegraph
Reported: 2003-08-10 01:34 EDT by Yuval Pemper
Modified: 2005-10-31 17:00 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-08-12 15:57:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Yuval Pemper 2003-08-10 01:34:54 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
When I run

up2date -u --nox

I get the follwoing error:

There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
'certificate verify failed')]
A common cause of this error is the system time being incorrect. Verify that the
time on this system is correct.

The time on my system is synced via NTP and is accurate (double checked that).

I sniffed traffic from my PC while running up2date and saw that the SSL
handshake between the up2date agent and xmlrpc.rhn.redhat.com fails because of
an expired certificate. Indeed, the certificate's details, as reported by
"openssl x509 -text" are: 

        Version: 3 (0x2)
        Serial Number: 28 (0x1c)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=North Carolina, L=Research Triangle Park, O=Red Hat,
Inc., OU=Red Hat Network Services, CN=RHNS Certificate
            Not Before: Aug 10 04:05:18 2002 GMT
            Not After : Aug 10 04:05:18 2003 GMT
        Subject: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat
Network, CN=www.rhns.redhat.com/emailAddress=rhn-noc@redhat.com

The time as I'm writing this email is August 10, 5:32 GMT. As u can see, the
certificate expired a little over an hour ago...

Yuval Pemper

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
See above.

Additional info:
Comment 1 Adrian Likins 2003-08-12 15:57:05 EDT
Certificate is now updated. 

Note You need to log in before you can comment on or make changes to this bug.