I work in a lab environment that has a proxy somewhere on the network.
I have my VMware VM running CentOS8 and have installed the epel-latest-release package.
When I execute a generic *yum update *I run into problems. They are here: [root@wsf-owt-dev001:yum.repos.d]# yum update Extra Packages for Enterprise Linux 8 - Playground - x86_64 0.0 B/s | 0 B 00:01 Errors during downloading metadata for repository 'epel-playground': - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x8... [SSL certificate problem: EE certificate key too weak] Error: Failed to download metadata for repo 'epel-playground': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x8... [SSL certificate problem: EE certificate key too weak]
I see the curl error, so I try a curl command and also run into problems: [root@wsf-owt-dev001:yum.repos.d]# curl -v https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x8... [1] 683465 [2] 683466 [3] 683467 [root@wsf-owt-dev001:yum.repos.d]# * Uses proxy env variable https_proxy == 'http://214.3.129.49:80' * Trying 214.3.129.49... * TCP_NODELAY set * Connected to 214.3.129.49 (214.3.129.49) port 80 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to mirrors.fedoraproject.org:443 > CONNECT mirrors.fedoraproject.org:443 HTTP/1.1 > Host: mirrors.fedoraproject.org:443
User-Agent: curl/7.61.1 > Proxy-Connection: Keep-Alive > < HTTP/1.0 200
Connection established < * Proxy replied 200 to CONNECT request * CONNECT phase completed! * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CONNECT phase completed! * CONNECT phase completed! * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, bad certificate (554): * SSL certificate problem: EE certificate key too weak * Closing connection 0 curl: (60) SSL certificate problem: EE certificate key too weak More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. [1] Exit 60 curl -v https://mirrors.fedoraproject.org/metalink?repo=playground-epel8 [2]- Done arch=x86_64 [3]+ Done infra=stock
I don't know what to do to fix this. Can someone please explain what the problem is on a high level and then what to do about it so that I can learn from this?
Thank you, -------------------------- Warron French
On Thu, Jul 16, 2020 at 03:59:23PM -0400, warron.french wrote:
I work in a lab environment that has a proxy somewhere on the network.
I have my VMware VM running CentOS8 and have installed the epel-latest-release package.
....snip...
I don't know what to do to fix this. Can someone please explain what the problem is on a high level and then what to do about it so that I can learn from this?
What does:
cat /etc/crypto-policies/state/current
show?
If it's FUTURE, thats the problem. You can do back to default with:
sudo update-crypto-policies --set DEFAULT
kevin
Actually the file indicates DEFAULT already.
-------------------------- Warron French
On Thu, Jul 16, 2020 at 4:12 PM Kevin Fenzi kevin@scrye.com wrote:
On Thu, Jul 16, 2020 at 03:59:23PM -0400, warron.french wrote:
I work in a lab environment that has a proxy somewhere on the network.
I have my VMware VM running CentOS8 and have installed the epel-latest-release package.
....snip...
I don't know what to do to fix this. Can someone please explain what the problem is on a high level and then what to do about it so that I can
learn
from this?
What does:
cat /etc/crypto-policies/state/current
show?
If it's FUTURE, thats the problem. You can do back to default with:
sudo update-crypto-policies --set DEFAULT
kevin _______________________________________________ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject...
On Thu, Jul 16, 2020 at 04:29:08PM -0400, warron.french wrote:
Actually the file indicates DEFAULT already.
Odd. Thats the only time I have seen any errors like those.
YOu might try a sudo update-crypto-policies --set DEFAULT and see if it helps anyhow.
kevin --
Warron French
On Thu, Jul 16, 2020 at 4:12 PM Kevin Fenzi kevin@scrye.com wrote:
On Thu, Jul 16, 2020 at 03:59:23PM -0400, warron.french wrote:
I work in a lab environment that has a proxy somewhere on the network.
I have my VMware VM running CentOS8 and have installed the epel-latest-release package.
....snip...
I don't know what to do to fix this. Can someone please explain what the problem is on a high level and then what to do about it so that I can
learn
from this?
What does:
cat /etc/crypto-policies/state/current
show?
If it's FUTURE, thats the problem. You can do back to default with:
sudo update-crypto-policies --set DEFAULT
kevin _______________________________________________ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject...
epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject...
Hello Kevin, I did as you suggested and a statement indicated it would be good to reboot was displayed, so I did reboot.
After that my generic *yum update* did work. Then I tried to install EPEL Repo again: [root@wsf-owt-dev001:yum.repos.d]# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm Last metadata expiration check: 4:20:17 ago on Thu 16 Jul 2020 03:35:37 PM EDT. [MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak] [MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak] [MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak] [MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak] [FAILED] epel-release-latest-8.noarch.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak] Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak]
-------------------------- Warron French
On Thu, Jul 16, 2020 at 5:39 PM Kevin Fenzi kevin@scrye.com wrote:
On Thu, Jul 16, 2020 at 04:29:08PM -0400, warron.french wrote:
Actually the file indicates DEFAULT already.
Odd. Thats the only time I have seen any errors like those.
YOu might try a sudo update-crypto-policies --set DEFAULT and see if it helps anyhow.
kevin
Warron French
On Thu, Jul 16, 2020 at 4:12 PM Kevin Fenzi kevin@scrye.com wrote:
On Thu, Jul 16, 2020 at 03:59:23PM -0400, warron.french wrote:
I work in a lab environment that has a proxy somewhere on the
network.
I have my VMware VM running CentOS8 and have installed the epel-latest-release package.
....snip...
I don't know what to do to fix this. Can someone please explain
what the
problem is on a high level and then what to do about it so that I can
learn
from this?
What does:
cat /etc/crypto-policies/state/current
show?
If it's FUTURE, thats the problem. You can do back to default with:
sudo update-crypto-policies --set DEFAULT
kevin _______________________________________________ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to
epel-devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject...
epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject...
epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject...
On 7/16/20 1:59 PM, warron.french wrote:
I work in a lab environment that has a proxy somewhere on the network.
I have my VMware VM running CentOS8 and have installed the epel-latest-release package.
When I execute a generic *yum update *I run into problems. They are here: [root@wsf-owt-dev001:yum.repos.d]# yum update Extra Packages for Enterprise Linux 8 - Playground - x86_64 0.0 B/s | 0 B 00:01 Errors during downloading metadata for repository 'epel-playground': - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x8... [SSL certificate problem: EE certificate key too weak] Error: Failed to download metadata for repo 'epel-playground': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x8... [SSL certificate problem: EE certificate key too weak]
I see the curl error, so I try a curl command and also run into problems: [root@wsf-owt-dev001:yum.repos.d]# curl -v https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x8... [1] 683465 [2] 683466 [3] 683467 [root@wsf-owt-dev001:yum.repos.d]# * Uses proxy env variable https_proxy == 'http://214.3.129.49:80' * Trying 214.3.129.49... * TCP_NODELAY set * Connected to 214.3.129.49 (214.3.129.49) port 80 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to mirrors.fedoraproject.org:443 http://mirrors.fedoraproject.org:443 > CONNECT mirrors.fedoraproject.org:443 http://mirrors.fedoraproject.org:443 HTTP/1.1 > Host: mirrors.fedoraproject.org:443 http://mirrors.fedoraproject.org:443 > User-Agent: curl/7.61.1 > Proxy-Connection: Keep-Alive > < HTTP/1.0 200 Connection established < * Proxy replied 200 to CONNECT request * CONNECT phase completed! * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CONNECT phase completed! * CONNECT phase completed! * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, bad certificate (554): * SSL certificate problem: EE certificate key too weak * Closing connection 0 curl: (60) SSL certificate problem: EE certificate key too weak More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. [1] Exit 60 curl -v https://mirrors.fedoraproject.org/metalink?repo=playground-epel8 [2]- Done arch=x86_64 [3]+ Done infra=stock
I don't know what to do to fix this. Can someone please explain what the problem is on a high level and then what to do about it so that I can learn from this?
What's the output of:
curl --trace-ascii - 'https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x8...'
epel-devel@lists.fedoraproject.org
-
Kevin Fenzi -
Orion Poplawski -
warron.french