Fedora Linux Support Community & Resources Center
  #1  
Old 17th September 2010, 08:47 PM
mpolo Offline
Registered User
 
Join Date: Jun 2005
Posts: 197
linuxfedorafirefox
Certificates in yum

My organization just moved to using a zscaler proxy system. Basically, I have to use a .pac file in Firefox to get onto the proxy, which directs me to a series of two Flash pages, one to input my username, one for the password.

After reading through the .pac file, I was able to get some command-line things to work by specifying the proxy given at the end. However, this server uses an SSL certificate that is not emitted by an authority, but rather directly by our organization. In Firefox, I had to import this certificate to enable https:// browsing.

Is there any way to "import" this certificate so that yum can use it? Because yum freezes with the error:

Code:
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=fedora-13&arch=x86_64 error was
14: Peer cert cannot be verified or peer cert invalid
Thanks for any help!
Reply With Quote
  #2  
Old 17th September 2010, 08:50 PM
Discov3ry Offline
Registered User
 
Join Date: Oct 2008
Posts: 35
linuxchrome
Re: Certificates in yum

I wonder if instead of using mirrors you could use the baseurl, which is non-ssl. Try uncommenting the #baseurl line in /etc/yum.repos.d/fedora.repo and commenting out the 'mirrorlist' line.
__________________
Streamripper Simple Frontend (SSF) - rip SHOUTcast streams in 3 easy steps.
Follow me on Twitter
Reply With Quote
  #3  
Old 17th September 2010, 09:28 PM
mpolo Offline
Registered User
 
Join Date: Jun 2005
Posts: 197
linuxfedorafirefox
Re: Certificates in yum

That seems to be working. Thanks for the idea!

(Although I still wonder if there is an answer to the original question...)
Reply With Quote
  #4  
Old 17th September 2010, 09:31 PM
Discov3ry Offline
Registered User
 
Join Date: Oct 2008
Posts: 35
linuxchrome
Re: Certificates in yum

Yeah, I forgot to mention that it only seems like a temporary workaround, your original issue is still in place. This could very well be a bug that yum doesn't honor self-signed certs.
__________________
Streamripper Simple Frontend (SSF) - rip SHOUTcast streams in 3 easy steps.
Follow me on Twitter
Reply With Quote
  #5  
Old 18th September 2010, 12:02 AM
PabloTwo Online
"Registered User" T-Shirt Winner
 
Join Date: Mar 2007
Location: Seville, FL
Posts: 6,054
linuxfirefox
Re: Certificates in yum

See 'man yum.conf'
Quote:
sslcacert Path to the directory containing the databases of the certificate authorities yum should
use to verify SSL certificates. Defaults to none - uses system default

sslverify Boolean - should yum verify SSL certificates/hosts at all. Defaults to True

sslclientcert Path to the SSL client certificate yum should use to connect to repos/remote sites
Defaults to none.

proxy URL to the proxy server that yum should use.

proxy_username username to use for proxy

proxy_password password for this proxy
Reply With Quote
  #6  
Old 18th September 2010, 02:10 AM
mpolo Offline
Registered User
 
Join Date: Jun 2005
Posts: 197
linuxfedorafirefox
Re: Certificates in yum

Great. I was now able to use the mirrors. Thanks a lot!
Reply With Quote
  #7  
Old 25th February 2011, 11:40 AM
summermonsoon Offline
Registered User
 
Join Date: Feb 2011
Posts: 2
linuxfedorafirefox
Re: Certificates in yum

hello

how did you solved the problem
Reply With Quote
  #8  
Old 16th November 2011, 03:19 AM
shade0o Offline
Registered User
 
Join Date: Aug 2011
Location: New Zealand
Age: 26
Posts: 3
linuxchrome
Re: Certificates in yum

Getting same problem with f16 now. some information would be nice
Reply With Quote
  #9  
Old 17th November 2011, 08:29 AM
code933k Offline
Registered User
 
Join Date: Nov 2011
Location: Bogota DC, CO
Age: 38
Posts: 5
linuxfirefox
Post Re: Certificates in yum

Quote:
Originally Posted by shade0o View Post
Getting same problem with f16 now. some information would be nice
They suggested clearly (man yum.conf):
Edit your
Code:
/etc/yum.conf
file, adding
Code:
sslverify=False
This is a temporary workaround. Don't forget to remove, comment or switch to
Code:
True
that line after a while as this step voids proper server checking and is a security risk.
Reply With Quote
Reply

Tags
certificates, yum

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Wildcard SSL certificates sentry Servers & Networking 1 10th September 2009 04:54 AM
Certificates OainjaQakanj Security and Privacy 1 17th April 2007 08:46 AM
FC4 and SSL Certificates D@ Mick Servers & Networking 1 7th October 2005 02:55 PM


Current GMT-time: 13:48 (Wednesday, 23-07-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat