PDA

View Full Version : SLE12 / unable to get local issuer certificate



mschwarz67346
13-Aug-2015, 08:37
Hi,

on my server with SLE12 I get the following error during configuration of SUSE Customer Center:

Fehler bei sicherer Verbindung: unable to get local issuer certificate
http://mschwarz.de/test/certificate.png

This worked during initial install, patches with zypper are working fine, I encountered this when trying to add additional products through SCC.

Anybody got an idea what's wrong ? I just tried the same on a second SLE12 server, same result.

jmozdzen
17-Aug-2015, 16:13
Hi mschwarz67346,

Hi,

on my server with SLE12 I get the following error during configuration of SUSE Customer Center:

Fehler bei sicherer Verbindung: unable to get local issuer certificate

are you still experiencing this? There was a temporary problem with the SUSE servers, that got fixed almost immediately... but that was a few days before your report. The fingerprints shown in your screen dump do not match the currently used certificate...

Regards,
Jens

mschwarz67346
17-Aug-2015, 18:03
Hi mschwarz67346,


are you still experiencing this? There was a temporary problem with the SUSE servers, that got fixed almost immediately... but that was a few days before your report. The fingerprints shown in your screen dump do not match the currently used certificate...

Regards,
Jens

Hello Jens,

still no change. This happens everytime I try to configure the Customer Center, I ignored it until now because patches are running fine. But I need to configure Add-On Products now, and I cannot fetch the list or use the CC.

Best regards,
Marco

jmozdzen
18-Aug-2015, 11:00
Hi Marco,

to me it looks like you hit a HTTPS server with a certificate that is not the currently valid SUSE one.

Have you tried running SUSEConnect from the command line, i.e. with "--debug"? That way you could probably see what server URL is being contacted. We could then check if that server actually uses a bad/wrong certificate, or if it is something related to your site. Do you connect across a proxy?

*If* it turns out to be some problem with the server certificate, and you could definitely make sure you are contacting the right server, you could create a file /etc/SUSEConnect (see the *.example version there) and turn off the SSL certificate check. But I only recommend this as a measure of absolutely last resort, because you're turning of security then: You might be connecting to a "bad" (non-SUSE) server, i.e. a DNS spoofing attack or else, and never find out.

If you cannot debug this further, I recommend to contact SUSE to open a support request.

Regards,
Jens