On 21/11/2019 09:16, Berger J Nicklas wrote:
We are using squid for both http and https whitelisting for egress.
Most of the whitelisting works fine but some specific ones do not work.
We have tried this on these versions of squid 3.5(amazon linux 2),
4.1(centos7) and 4.4(centos8).
For instance when running yum update for redhat linux in aws from a
server using squid for egress it fails:
ec2-user]# yum update -v
Failed to set locale, defaulting to C
Loaded plugins: AmazonID, builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, needs-restarting, playground, repoclosure, repodiff, repograph, repomanage, reposync, uploadprofile
DNF version: 4.0.9
cachedir: /var/cache/dnf
repo: downloading from remote: rhui-client-config-server-8
error: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://rhui3.eu-north-1.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/x86_64/os [SSL certificate problem: self signed certificate in certificate chain] (https://rhui3.eu-north-1.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/x86_64/os).
Red Hat Update Infrastructure 3 Client Configuration Server 8    0.0 B/s | 0 B 00:01
Cannot download 'https://rhui3.eu-north-1.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/x86_64/os': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://rhui3.eu-north-1.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/x86_64/os [SSL certificate problem: self signed certificate in certificate chain].
Error: Failed to synchronize cache for repo 'rhui-client-config-server-8'

The problem has nothing to do with Squid,
https://rhui3.eu-north-1.aws.ce.redhat.com is indeed using a self-signed
certificate.
You could add that cert to CA trust in your system, once you have
verified the authenticity.
--
Giles Coochey
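
The "verify the authenticity, then add to CA trust" step from the reply above, as an added example that is not part of the original thread: it compares a certificate's SHA-256 fingerprint with a value obtained out of band before the certificate is installed as a trust anchor. The function names and the throwaway demo-root.invalid certificate are assumptions made for the example; the anchor directory in the output is the standard RHEL/CentOS location.

```shell
#!/bin/sh
# Added example: check a CA certificate's SHA-256 fingerprint against a value
# obtained out of band before installing it as a trust anchor.
# To save the chain a server presents (host taken from the thread):
#   openssl s_client -connect rhui3.eu-north-1.aws.ce.redhat.com:443 \
#     -servername rhui3.eu-north-1.aws.ce.redhat.com -showcerts </dev/null

# Create a throwaway self-signed certificate (constructed sample input).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=demo-root.invalid" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Print the certificate's SHA-256 fingerprint as lowercase hex without colons.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 \
        | sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Succeed only if subject and issuer are identical (self-issued certificate).
is_self_issued() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# Succeed only if the fingerprint equals the expected one (colons, spaces and
# letter case in the expected value are ignored).
verify_before_trust() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    got=$(cert_fingerprint "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert "$dir/ca.pem" || return 1
    pinned=$(cert_fingerprint "$dir/ca.pem")   # stands in for the out-of-band value
    is_self_issued "$dir/ca.pem" && echo "self-issued: yes"
    if verify_before_trust "$dir/ca.pem" "$pinned"; then
        echo "fingerprint matches; on RHEL/CentOS install it with:"
        echo "  cp ca.pem /etc/pki/ca-trust/source/anchors/ && update-ca-trust extract"
    else
        echo "fingerprint mismatch; do not trust this certificate"
    fi
    rm -rf "$dir"
}
demo
```

In real use the expected fingerprint must come from a channel other than the connection being checked, such as vendor documentation or the administrator of the issuing CA.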