[Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux
  • Red Hat Satellite 6

Issue

  • yum transactions fail with [Errno 14] curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."
  • When creating a custom ISO image based on current release getting the following error:

This content is not included.https://cdn.redhat.com/content/dist/rhel/server/7/3/x86_64/os/repodata/repomd.xml:%20[Errno%2014]%20curl#60%20-%20%22Peer's

Resolution

  • Step 1: Remove the entry of the following line from /etc/yum.conf and from /etc/dnf/dnf.conf file:

    http_proxy=<proxy.com>:8080

  • Step 2: Edit the /etc/rhsm/rhsm.conf file on the client server if in case the client server is registered to Satellite and change the baseurl parameter as below if the path is incorrect.

    # vi /etc/rhsm/rhsm.conf
baseurl= https://<satellite_fqdn>/pulp/content/

  • Step 3: Check if the system is self-registered and check for third-party repositories present under /etc/yum.repos.d/redhat.repo. Then move it to /tmp folder as below:

    # cd /etc/yum.repos.d
# mv redhat.repo /tmp/
# subscription-manager unsubscribe --all
# subscription-manager unregister
# subscription-manager clean
# subscription-manager register --org="Default_Organization" --environment="Library"

  • Note: In the above command replace organization and environment as per suitable to your satellite.

  • Step 4: Now, attach a subscription to the registered system:

    # subscription-manager subscribe --pool=Red_Hat_Satellite_Pool_Id \
&& subscription-manager subscribe --pool=Red_Hat_Enterprise_Linux_Pool_Id \
&& subscription-manager subscribe \
--pool=Red_Hat_Enterprise_Linux_Software_Collections_Pool_Id

  • Step 5: Disable all existing repositories:

    # subscription-manager repos --disable "*"

  • Step 6: Attach the necessary subscriptions: 

     # subscription-manager repos --enable=rhel-7-server-rpms \
--enable=rhel-7-server-satellite-6.10-rpms \
--enable=rhel-7-server-satellite-maintenance-6-rpms \
--enable=rhel-server-rhscl-7-rpms \
--enable=rhel-7-server-ansible-2.9-rpms

  • Step 7: Clear out the yum cache:

    # rm -rf /var/cache/yum/*

  • Step 8: Restart the katello service:

    # katello-service restart

  • Step 9:

    # yum repolist

    NOTE: Make sure the correct date and time are set to the system along with the correct DNS entry in /etc/resolv.conf file.

    For more KB articles/solutions related to Red Hat Satellite 6.x Client Subscription Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Client Subscription Issues

Root Cause

  • The certificates needed to be regenerated for the system.

  • The path for the baseurl parameter is not correct in /etc/rhsm/rhsm.conf file on the client server which is registered to Satellite.

Diagnostic Steps

  • Install following packages on satellite server:

    # rpm -Uvh nss-softokn-*.x86_64.rpm nss-softokn-freebl-*.x86_64.rpm

  • Analyze the following:

    • a) Disable the repository named : "Red Hat Enterprise Linux 7 Server-Extras(RPMs)" through /etc/yum.repos.d/redhat.repo.

    • b) On the satellite server run following command:

      # curl -v  https://<domain.com> --cacert /etc/rhsm/ca/katello-server-ca.pem > /tmp/curl.out

    • c) Ensure the client & satellitesystems time and date is correct.

    • d) Capture a sosreport to provide to Red Hat support.

    • e) Check if there is a proxy or transparent proxy in between the server and client.

    • f) Check if the baseurl parameter is incorrectly set as below in /etc/rhsm/rhsm.conf file on the client server which is registered to Satellite.

      # cat /etc/rhsm/rhsm.conf | grep baseurl
baseurl= https://<satellite_fqdn>/pulp/repos/
SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.