A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more. Log in for full access Log InIssue
//access.redhat.com/management/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
Trying other mirror.
Environment
Subscriber
exclusive content
Current Customers and Partners
When creating a custom ISO image based on current release getting the following error:Issue
Environment
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
Current Customers and Partners
Log in for full access
Log In
We running 2 application on amazon EC2 (backend.example.com & frontend.example.com). For that application, we used a paid SSL Certificate. That certificate expiration date at 2021 June. But today, we got an error -
cURL error 60: SSL certificate problem: certificate has expired (see //curl.haxx.se/libcurl/c/libcurl-errors.html)We check certificate expiration date, but there was no problem (2021 June). Then we follow this thread - curl: (60) SSL certificate problem: unable to get local issuer certificate (@Dahomz answer)
After that, when we curl example.com by - curl -v --url //backend.example.com --cacert /etc/ssl/ssl.cert/cacert.pem, It working fine. Response like -
* Rebuilt URL to: //backend.example.com/ * Trying 127.0.0.1... * Connected to backend.example.com (127.0.0.1) port 443 (#0) * found 139 certificates in /etc/ssl/ssl.cert/cacert.pem * found 600 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ******_RSA_***_***_GCM_***** * server certificate verification OK * server certificate status verification SKIPPED * common name: *.example.com (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: OU=Domain Control Validated,OU=PositiveSSL Wildcard,CN=*.example.xyz * start date: Mon, 04 May 2019 00:00:00 GMT * expire date: Wed, 07 June 2021 23:59:59 GMT * issuer: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Domain Validation Secure Server CA * compression: NULL * ALPN, server accepted to use http/1.1But when we hit from frontend.example.com to backend.example.com by curl, it throws this error -
* Rebuilt URL to: //backend.example.com/ * Trying 127.0.0.1... * Connected to backend.example.com (127.0.0.1) port 443 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/ssl.cert/cacert.pem CApath: /etc/ssl/certs * SSL connection using TLSv1.2 / *****-RSA-*****-GCM-****** * ALPN, server accepted to use http/1.1 * Server certificate: * subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.example.com * start date: Mar 4 00:00:00 2019 GMT * expire date: Apr 7 23:59:59 2021 GMT * issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA * SSL certificate verify result: certificate has expired (10), continuing anyway.My curl code -
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "//backend.example.com"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_STDERR, fopen(public_path("c.log"), 'w')); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); $output = curl_exec($ch); $error = curl_error($ch); $info = curl_getinfo($ch); curl_close($ch);