Unable to use https for yum created by ZCM11

  • 7007928
  • 17-Feb-2011
  • 30-Apr-2012

Environment

Novell ZENworks 11 Patch Management
SUSE Linux Enterprise Server 10 Service Pack 3
SUSE Linux Enterprise Server 11 Service Pack 1
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 1
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3

Situation

Adding a yum repository created on ZCM11 with rug fails with the following error:
rug sa -t yum https://zcm11/zenworks-yumrepo/OES2-SP2-Online-bundle OES2-SP2-Online-bundle

Adding YUM service https://zcm11/zenworks-yumrepo/OES2-SP2-Online-bundle...
                                                                                                                                                                   0%

ERROR: Could not add 'https://zcm11/zenworks-yumrepo/OES2-SP2-Online-bundle': Download failed: (https://zcm11/zenworks-yumrepo/OES2-SP2-Online-bundle/repodata/repomd.xml) Invalid certificate received form server.

When using YaST(2) you will get the message:
Unknown source type for https://zcm11/zenworks-yumrepo/OES2-SP3-Online-bundle
and /var/log/YaST2/y2log will show the following:
2011-02-16 15:54:57 <1> lxluoes51-de(16359) [YCP] PackageCallbacks.ycp:1092 Source probe end: error: url: https://zcm11/zenworks-yumrepo/OES2-SP3-Online-bundle, error: IO, description: Unknown source type for https://zcm11/zenworks-yumrepo/OES2-SP3-Online-bundle
2011-02-16 15:54:57 <5> lxluoes51-de(16359) [base] Exception.cc(log):94 Error message: SSL certificate problem, verify that the CA cert is OK. Details:
2011-02-16 15:54:57 <5> lxluoes51-de(16359) [base] Exception.cc(log):94 error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2011-02-16 15:54:57 <5> lxluoes51-de(16359) [base] Exception.cc(log):94
2011-02-16 15:54:57 <5> lxluoes51-de(16359) [base] Exception.cc(log):94 MediaCurl.cc(getDoesFileExist):885 RETHROW:  MediaCurl.cc(getDoesFileExist):880: Download (curl) error for 'https://zcm11/zenworks-yumrepo/OES2-SP3-Online-bundle/content':
2011-02-16 15:54:57 <5> lxluoes51-de(16359) [base] Exception.cc(log):94 Error code:
2011-02-16 15:54:57 <5> lxluoes51-de(16359) [base] Exception.cc(log):94 Error message: SSL certificate problem, verify that the CA cert is OK. Details:
2011-02-16 15:54:57 <5> lxluoes51-de(16359) [base] Exception.cc(log):94 error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Resolution

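The problem occurs because YaST and ZDM do not trust the https link: the certificate presented by the ZCM 11 server cannot be verified against the CA certificates known to the client, which is the "certificate verify failed" error in the log above. There are no problems using http.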

This problem can be solved using the following steps:
  • Copy the following file from the ZCM 11 server to the server where the yum repository should be installed (e.g. to /root):
    • /etc/opt/novell/zenworks/security/ca.der
  • Change to the directory the file was copied to. The .der file needs to be converted to .pem. Use the following command:
    • openssl x509 -inform der -in ca.der -out ca.pem
  • The content of ca.pem should be added to /usr/share/curl/curl-ca-bundle.crt, the CA bundle used by curl (MediaCurl in the log above). Use the following command:
    • cat ca.pem >>/usr/share/curl/curl-ca-bundle.crt
After this, the yum repositories can be added without problems.
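
The conversion and append steps above as one script, added here as an example and not part of the original TID. It rejects a file that is not a DER certificate, prints the subject, expiry date and SHA-256 fingerprint for comparison with the copy on the ZCM 11 server, backs up the bundle, and skips the append when the certificate is already present. The function names, the script name in the last comment and the .bak suffix are assumptions; openssl must be installed.

```shell
#!/bin/sh
# Added example (not from the TID): import the ZCM CA into the curl bundle.
# The default bundle path is the one named in the steps above.
BUNDLE_DEFAULT=/usr/share/curl/curl-ca-bundle.crt

# Print the SHA-256 fingerprint of a DER-encoded certificate.
ca_fingerprint() {
    openssl x509 -inform der -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# import_ca DER_FILE [BUNDLE]   (hypothetical helper name)
# Prints "added" or "present" on stdout; returns non-zero on error.
import_ca() {
    der=$1
    bundle=${2:-$BUNDLE_DEFAULT}
    pem=$(openssl x509 -inform der -in "$der" -outform pem) || {
        echo "error: $der is not a DER certificate" >&2; return 2; }
    [ -w "$bundle" ] || { echo "error: cannot write $bundle" >&2; return 3; }

    # Show what is about to be trusted so it can be compared with the
    # values read on the ZCM server itself.
    openssl x509 -inform der -in "$der" -noout -subject -enddate >&2
    echo "SHA-256 fingerprint: $(ca_fingerprint "$der")" >&2

    # Compare base64 bodies with line breaks removed, so a copy that is
    # wrapped differently in the bundle is still recognised.
    body=$(printf '%s\n' "$pem" | sed '/^-----/d' | tr -d '\r\n')
    if tr -d '\r\n' < "$bundle" | grep -qF -e "$body"; then
        echo present
        return 0
    fi

    cp -p "$bundle" "$bundle.bak" || return 4    # keep a rollback copy
    # Make sure the bundle ends with a newline before appending.
    [ -z "$(tail -c1 "$bundle")" ] || echo >> "$bundle"
    printf '%s\n' "$pem" >> "$bundle" || return 5
    echo added
}

# Run only when a file is given, e.g.: sh import-zcm-ca.sh ca.der
if [ "$#" -gt 0 ]; then import_ca "$@"; fi
```

Restoring the .bak copy removes the ZCM CA from the bundle again.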