SUSECON
Results 1 to 2 of 2

Thread: Errors Updating SLED11-SP1

Threaded View

  1. #1
    Join Date
    Oct 2012
    Location
    Portland, Oregon
    Posts
    54

    Question Errors Updating SLED11-SP1

    Hello, All:

    I've just inherited a SLED11-SP1 system and I'm attempting to update the installed packages. However, zypper complains...

    Code:
    genesco1:~ # zypper update
    Refreshing service 'nu_novell_com'.
    Problem retrieving the repository index file for service 'nu_novell_com':
    Download (curl) error for 'https://nu.novell.com/repo/repoindex.xml?cookies=0&credentials=NCCcredentials':
    Error code: Unrecognized error
    Error message: SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    
    Check if the URI is valid and accessible.
    File '/repodata/repomd.xml' not found on medium 'http://www2.ati.com/suse/sle11sp1'
    
    Abort, retry, ignore? [a/r/i/?] (a): a
    Problem retrieving files from 'ATI-Driver-SLE11-SP1'.
    File '/repodata/repomd.xml' not found on medium 'http://www2.ati.com/suse/sle11sp1'
    
    Please see the above error message for a hint.
    Warning: Disabling repository 'ATI-Driver-SLE11-SP1' because of the above error.
    Download (curl) error for 'https://nu.novell.com/repo/$RCE/SLED11-SP1-Pool/sle-11-i586/repodata/repomd.xml?credentials=NCCcredentials':
    Error code: Unrecognized error
    Error message: SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    
    Abort, retry, ignore? [a/r/i/?] (a): a   
    Abort, retry, ignore? [a/r/i/?] (a): a
    Problem retrieving files from 'SLED11-SP1-Pool'.
    Download (curl) error for 'https://nu.novell.com/repo/$RCE/SLED11-SP1-Pool/sle-11-i586/repodata/repomd.xml?credentials=NCCcredentials':
    Error code: Unrecognized error
    Error message: SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    
    Please see the above error message for a hint.
    Warning: Disabling repository 'SLED11-SP1-Pool' because of the above error.
    Download (curl) error for 'https://nu.novell.com/repo/$RCE/SLED11-SP1-Updates/sle-11-i586/repodata/repomd.xml?credentials=NCCcredentials':
    Error code: Unrecognized error
    Error message: SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    
    Abort, retry, ignore? [a/r/i/?] (a): 
    Abort, retry, ignore? [a/r/i/?] (a): 
    Problem retrieving files from 'SLED11-SP1-Updates'.
    Download (curl) error for 'https://nu.novell.com/repo/$RCE/SLED11-SP1-Updates/sle-11-i586/repodata/repomd.xml?credentials=NCCcredentials':
    Error code: Unrecognized error
    Error message: SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    
    Please see the above error message for a hint.
    Warning: Disabling repository 'SLED11-SP1-Updates' because of the above error.
    I believe that there is an HTTP proxy in our environment but that's not stopping wget from accessing google.com:

    Code:
    genesco1:~ # wget google.com
    --2012-07-05 22:15:51--  http://google.com/
    Resolving google.com... 74.125.226.162, 74.125.226.169, 74.125.226.160, ...
    Connecting to google.com|74.125.226.162|:80... connected.
    HTTP request sent, awaiting response... 301 Moved Permanently
    Location: http://www.google.com/ [following]
    --2012-07-05 22:15:52--  http://www.google.com/
    Resolving www.google.com... 173.194.207.105, 173.194.207.147, 173.194.207.99, ...
    Connecting to www.google.com|173.194.207.105|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: `index.html.1'
    
        [ <=>                                                                                                                                                             ] 18,957      --.-K/s   in 0.1s    
    
    2012-07-05 22:15:52 (157 KB/s) - `index.html.1' saved [18957]
    But when I use wget to access the repository (https://nu.novell.com/repo/) it complains that the "Issued certificate not yet valid":

    Code:
    genesco1:~ # wget https://nu.novell.com/repo/
    --2012-07-05 22:12:32--  https://nu.novell.com/repo/
    Resolving nu.novell.com... 93.184.215.212
    Connecting to nu.novell.com|93.184.215.212|:443... connected.
    ERROR: cannot verify nu.novell.com's certificate, issued by `/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3':
      Issued certificate not yet valid.
    To connect to nu.novell.com insecurely, use `--no-check-certificate'.
    Unable to establish SSL connection.
    ...and when I disable the checking of SSL certificates, wget returns an HTTP status code of 404 (i.e., It receives that code from the nu.novell.com HTTP server):

    Code:
    genesco1:~ # wget --no-check-certificate https://nu.novell.com/repo/
    --2012-07-05 22:13:04--  https://nu.novell.com/repo/
    Resolving nu.novell.com... 93.184.215.212
    Connecting to nu.novell.com|93.184.215.212|:443... connected.
    WARNING: cannot verify nu.novell.com's certificate, issued by `/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3':
      Issued certificate not yet valid.
    HTTP request sent, awaiting response... 404 Not Found
    2012-07-05 22:13:05 ERROR 404: Not Found.
    ...so I used OpenSSL to verify the certificate's dates:

    Code:
    genesco1:~ # openssl x509 -in nu.novell.com.crt -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                06:e0:b2:27:66:e3:3c:2e:df:9a:4a:80:6f:db:b0:31
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3
            Validity
                Not Before: Feb 19 00:00:00 2014 GMT
                Not After : Dec 30 12:00:00 2016 GMT
    This all leads me to the conclusion that there's a problem with the repositories that zypper is configured to use. Do I need to modify the system's repositories?
    Last edited by epretorious; 06-Feb-2016 at 00:59. Reason: added commentary on the HTTP status code returned by nu.novell.com

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •