Certificates in yum

**mpolo** · 17th September 2010, 08:47 PM

My organization just moved to using a zscaler proxy system. Basically, I have to use a .pac file in Firefox to get onto the proxy, which directs me to a series of two Flash pages, one to input my username, one for the password.

After reading through the .pac file, I was able to get some command-line things to work by specifying the proxy given at the end. However, this server uses an SSL certificate that is not emitted by an authority, but rather directly by our organization. In Firefox, I had to import this certificate to enable https:// browsing.

Is there any way to "import" this certificate so that yum can use it? Because yum freezes with the error:

Code:

Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=fedora-13&arch=x86_64 error was
14: Peer cert cannot be verified or peer cert invalid

Thanks for any help!

**Discov3ry** · 17th September 2010, 08:50 PM

I wonder if instead of using mirrors you could use the baseurl, which is non-ssl. Try uncommenting the #baseurl line in /etc/yum.repos.d/fedora.repo and commenting out the 'mirrorlist' line.

**mpolo** · 17th September 2010, 09:28 PM

That seems to be working. Thanks for the idea!

(Although I still wonder if there is an answer to the original question...)

**Discov3ry** · 17th September 2010, 09:31 PM

Yeah, I forgot to mention that it only seems like a temporary workaround, your original issue is still in place. This could very well be a bug that yum doesn't honor self-signed certs.

***PabloTwo*** · 18th September 2010, 12:02 AM

See 'man yum.conf'

sslcacert Path to the directory containing the databases of the certificate authorities yum should
use to verify SSL certificates. Defaults to none - uses system default

sslverify Boolean - should yum verify SSL certificates/hosts at all. Defaults to True

sslclientcert Path to the SSL client certificate yum should use to connect to repos/remote sites
Defaults to none.

proxy URL to the proxy server that yum should use.

proxy_username username to use for proxy

proxy_password password for this proxy

**mpolo** · 18th September 2010, 02:10 AM

Great. I was now able to use the mirrors. Thanks a lot!

**summermonsoon** · 25th February 2011, 12:40 PM

hello

how did you solved the problem

**shade0o** · 16th November 2011, 04:19 AM

Getting same problem with f16 now. some information would be nice

**code933k** · 17th November 2011, 09:29 AM

Originally Posted by shade0o

Getting same problem with f16 now. some information would be nice

They suggested clearly (man yum.conf):
Edit your

Code:

/etc/yum.conf

file, adding

Code:

sslverify=False

This is a temporary workaround. Don't forget to remove, comment or switch to

Code:

True

that line after a while as this step voids proper server checking and is a security risk.

Certificates in yum

Thread Tools

Search Thread

Display

Certificates in yum

Re: Certificates in yum

Re: Certificates in yum

Re: Certificates in yum

Re: Certificates in yum

Re: Certificates in yum

Re: Certificates in yum

Re: Certificates in yum

Re: Certificates in yum

Similar Threads

Wildcard SSL certificates

Certificates

FC4 and SSL Certificates

Tags for this Thread

Posting Permissions

User Tag List