Red Hat Bugzilla – Bug 102059
Expired ceritificate on xmlrpc.rhn.redhat.com fails up2date
Last modified: 2005-10-31 17:00:50 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225
Description of problem:
When I run
up2date -u --nox
I get the follwoing error:
There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
'certificate verify failed')]
A common cause of this error is the system time being incorrect. Verify that the
time on this system is correct.
The time on my system is synced via NTP and is accurate (double checked that).
I sniffed traffic from my PC while running up2date and saw that the SSL
handshake between the up2date agent and xmlrpc.rhn.redhat.com fails because of
an expired certificate. Indeed, the certificate's details, as reported by
"openssl x509 -text" are:
Version: 3 (0x2)
Serial Number: 28 (0x1c)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=North Carolina, L=Research Triangle Park, O=Red Hat,
Inc., OU=Red Hat Network Services, CN=RHNS Certificate
Not Before: Aug 10 04:05:18 2002 GMT
Not After : Aug 10 04:05:18 2003 GMT
Subject: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat
The time as I'm writing this email is August 10, 5:32 GMT. As u can see, the
certificate expired a little over an hour ago...
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Certificate is now updated.