yum https repository error no. 14

Issues related to configuring your network
Post Reply
mahmood
Posts: 122
Joined: 2017/06/04 12:21:09

yum https repository error no. 14

Post by mahmood » 2018/01/09 16:00:18

There is a repo in my yum repository which uses https. The repo contains

Code: Select all

[Rocks-7.0]
name=Rocks 7.0
baseurl=https://10.1.1.1/install/rocks-dist/x86_64
enabled = 1
gpgcheck = 0
skip_if_unavailable = 1
When I run yum makecache, I get this error

Code: Select all

Loaded plugins: fastestmirror, langpacks
https://10.1.1.1/install/rocks-dist/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."

That file actually exists on the server

Code: Select all

# ls /export/rocks/install/rocks-dist/x86_64/repodata/repomd.xml -l
-rw-r--r-- 1 root root 3716 Jan  8 03:35 /export/rocks/install/rocks-dist/x86_64/repodata/repomd.xml
That error message is discussed on the web did I didn't finally find a solution for centos 7. Any thought?
Last edited by mahmood on 2018/01/09 16:32:59, edited 1 time in total.

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: yum https repository error no. 14

Post by avij » 2018/01/09 16:14:57

You should either replace 10.1.1.1 with the hostname of the server (the same hostname that is included in the certificate), or just forget about https and use http instead.

Alternatively, don't use https or http at all. If the files are accessible locally, use baseurl=file:///export/rocks/install/rocks-dist/x86_64

mahmood
Posts: 122
Joined: 2017/06/04 12:21:09

Re: yum https repository error no. 14

Post by mahmood » 2018/01/09 16:19:39

With http, it says

Code: Select all

http://10.1.1.1/install/rocks-dist/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 302
With FQDN (I think I specified that for the certificate), it says the same error as the first post.
How can I check what I used for the certificate?

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: yum https repository error no. 14

Post by avij » 2018/01/09 16:52:46

Code: Select all

$ host www.centos.org
www.centos.org has address 85.12.30.226
www.centos.org has IPv6 address 2a01:788:a002:0:225:90ff:fe33:f34c

$ echo "" | openssl s_client -connect 85.12.30.226:443 | grep subject | grep CN=
...
subject=/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc./CN=centos.org
See the CN= field.

mahmood
Posts: 122
Joined: 2017/06/04 12:21:09

Re: yum https repository error no. 14

Post by mahmood » 2018/01/09 17:06:00

OK. My domain exists but the subdomain doesn't exists!

Code: Select all

# echo "" | openssl s_client -connect 10.1.1.1:443 | grep subject | grep CN=
depth=0 C = ir, CN = rocks-7.scu.ac.ir
verify error:num=18:self signed certificate
verify return:1
What should I do? When I used that CN, I get the same error

Code: Select all

[root@rocks-7 ~]# cat /etc/yum.repos.d/rocks-local.repo 
[Rocks-7.0]
name=Rocks 7.0
baseurl=https://rocks-7.scu.ac.ir/install/rocks-dist/x86_64
enabled = 1
gpgcheck = 0
skip_if_unavailable = 1
[root@rocks-7 ~]# yum makecache
Loaded plugins: fastestmirror, langpacks
https://rocks-7.scu.ac.ir/install/rocks-dist/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: yum https repository error no. 14

Post by avij » 2018/01/09 17:29:01

If your certificate is not signed by a valid certificate authority, you can probably add sslverify=0 to your repo file to skip the check.

It's possible that your subdomain is included in the certificate as an alternative name. The command I gave only displays the first entry.

mahmood
Posts: 122
Joined: 2017/06/04 12:21:09

Re: yum https repository error no. 14

Post by mahmood » 2018/01/09 17:49:16

You are right. Thanks

Post Reply