Hi, I've got a tough SSL issue.

Issue:

smtclient# zypper update

Download (curl) error for 'https://smtserver/repo/full/$RCE/SLES11-SP3-VMware-Pool/sle-11-x86_64/repodata/repomd.xml':
Error code: Unrecognized error
Error message: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

smtserver:/srv/www/htdocs# openssl x509 -in smt.crt -text | grep -A10 -B10 Validity
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b7:b7:69:76:b4:a3:5c:ff
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, CN=YaST_Default_CA/emailAddress=
Validity
Not Before: May 12 22:31:03 2014 GMT
Not After : May 9 22:31:03 2024 GMT
Subject: C=US, CN=YaST_Default_CA/emailAddress=
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b2:0b:b9:a5:d4:7c:69:79:0a:90:81:f0:88:1b:
84:28:cf:e7:0d:8f:cc:bf:cf:66:44:18:8a:95:e6:
7f:07:86:1f:d2:68:7f:71:03:64:7d:d0:e5:7b:e7:

Troubleshoot:

Remove old CA:

smtserver# mv /var/lib/CAM/YaST_Default_CA /tmp/YaST_Default_CA
smtserver# mv /srv/www/htdocs/smt.crt /tmp/smt.crt

Create new CA:

smtserver# yast2 ca_mgm
> Create Root CA > CA Name = YaST_Default_CA > Common Name: YaST_Default_CA > ..... > Next > Password = 123456 > Next > Create
> Enter CA > Advanced > Export to File > Only the Certificate in PEM Format > File Name = /srv/www/new.smt.crt > Ok > Ok > Finish

smtserver# openssl x509 -in /srv/www/new.smt.crt -text | grep -A10 -B10 Validity
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ff:23:46:41:93:d4:6c:83
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Ok, L=Ok, O=Ok, OU=Ok, CN=YaST_Default_CA/emailAddress=
Validity
Not Before: Jun 8 19:15:54 2015 GMT
Not After : Jun 5 19:15:54 2025 GMT
Subject: C=US, ST=Ok, L=Ok, O=Ok, OU=Ok, CN=YaST_Default_CA/emailAddress=
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b7:1e:04:68:79:57:1b:ad:66:4a:09:00:e6:48:
37:b8:f0:e9:2e:f9:c2:65:2b:85:b4:ee:3f:66:18:
a0:f0:ad:96:15:7d:e9:49:37:31:8a:fd:0a:ab:b1:


Problem remains:

smtclient# /usr/lib/suseRegister/bin/clientSetup4SMT.sh --host smtserver --regcert http://smtserver/new.smt.crt
Download failed. Abort.

Please help. Thanks a lot!

nz