We have a public development server that requires SSL for a particular function.
Still, anything that uses SSL in any form returns
curl: (60) The issuer of the Peer certificate has been marked as not approved by the user.
This is not a problem of "Well, just use sslverify=false on yum, or --insecure on curl queries."
I realize that I can do that on those two to make my calls. But ultimately, I MUST be able to use SSL because the development for which we use these servers requires it.
It seems that the CA is obsolete. I tried the following
I have tried importing the cacert.pem file myself (although I admit I lack the knowledge, so it is possible that I did it wrong).
I've checked the date / time on the server to make sure it's not the problem.
I cannot get the "Network Administrator" (a term used loosely, because they will be the first to admit that they have absolutely no knowledge of Linux, pure Microsoft) to even be bothered with reinstalling CentOS on this machine. So I have to find a solution to this.
Any help would be appreciated. Here are some examples of what we get when we try to do things such as yum, curl, and running certbot --apache.
[root@localhost work]# yum reinstall mc
Plugins loaded: the fastest
Loading mirror speeds from the cached host file
Can not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64 error was
14: curl#60 - "The issuer of Peer's certificate has been marked as not approved by the user."
 * base: repos.dfw.quadranet.com
 * epel: mirror.compevo.com
 * extras: repos-tx.psychz.net
 * updates: mirror.us.oneandone.net
 * webtatic: repo.webtatic.com
https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "The issuer of Peer's certificate has been marked as not approved by the user."
Try another mirror.
It was impossible to connect to the CentOS servers.
This could cause a connectivity problem in your environment, such as obligation to configure a proxy, or a transparent proxy that impairs TLS security, or an error system clock.
You can try to solve this problem by using the instructions on https://wiki.centos.org/yum-errors
If the article above does not help to solve this problem, please use https://bugs.centos.org/.
https://uk.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "The issuer of Peer's certificate was marked as not approved by the user."
Try another mirror.
https://sp.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "The issuer of Peer's certificate was marked as not approved by the user."
Try another mirror.
https://repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "The issuer of Peer's certificate was marked as not approved by the user."
Try another mirror.
[root@localhost work]# curl https://www.google.com
curl: (60) The issuer of Peer's certificate was marked as not approved by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle" of public keys from the Certificate Authority (CA). If the default bundle file is not adequate, you can specify another file using the --cacert option.
If this HTTPS server uses a certificate signed by a certificate authority represented in the package, the verification of the certificate has probably failed due to a problem with the certificate (it may be expired, or the name may not match the domain name in the URL).
If you want to disable certificate verification by curl, use the -k option (or --insecure).
CERTBOT (FOR REQUEST OF LETSENCRYPT SSL CERT)
[root@localhost work]# sudo certbot --apache
Saving the debug log in /var/log/letsencrypt/letsencrypt.log
Selected Plugins: Apache Authenticator, Install Apache
Enter the e-mail address (used for urgent renewal and security notifications) (Entry 'c' to cancel): email@example.com
Launching a new HTTPS connection (1): acme-v02.api.letsencrypt.org
An unexpected error appeared: SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] failure to verify the certificate (_ssl.c:579)
Please see the log files in /var/log/letsencrypt for more details.
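
A diagnostic for the failure reported above, added here as an example and not part of the original post: it saves the certificate chain a server actually presents and checks it against the local CA bundle, which separates a stale or damaged bundle from a proxy re-signing TLS (the case the yum message hints at). The function names are hypothetical, and the bundle path is assumed to be the CentOS 7 default.

```shell
#!/usr/bin/env bash
# Added diagnostic sketch; function names are hypothetical, not from the post.
# Assumption: CentOS 7 default CA bundle path. Override with BUNDLE=... if needed.
BUNDLE="${BUNDLE:-/etc/pki/tls/certs/ca-bundle.crt}"

# Number of certificates in a PEM bundle; 0 means a missing or emptied trust store.
bundle_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Subject, issuer and validity window of the first certificate in a PEM file.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -dates
}

# Succeeds only if the first cert in chain.pem chains to a CA in bundle.pem.
# The rest of chain.pem is offered as untrusted intermediates.
chains_to_bundle() {   # usage: chains_to_bundle chain.pem bundle.pem
    openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# Save the chain a server actually presents, without trusting it.
fetch_chain() {        # usage: fetch_chain host out.pem
    openssl s_client -connect "$1:443" -servername "$1" -showcerts </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' >"$2"
    [ -s "$2" ]
}

diagnose() {           # usage: diagnose www.example.com
    local chain; chain=$(mktemp)
    echo "CA certs in $BUNDLE: $(bundle_count "$BUNDLE")"
    if ! fetch_chain "$1" "$chain"; then
        echo "no certificate received from $1 (connectivity or proxy problem)"
    elif cert_summary "$chain" && chains_to_bundle "$chain" "$BUNDLE"; then
        echo "chain verifies against the bundle: look at the client's own trust settings"
    else
        echo "chain does NOT verify: compare the issuer above with the site's public CA;"
        echo "an unfamiliar issuer points to TLS interception, a familiar one to a stale bundle"
    fi
    rm -f "$chain"
}

# Run only when a host is given, e.g.: ./tls-diag.sh www.google.com
if [ "$#" -gt 0 ]; then diagnose "$1"; fi
```

Running it against two or three unrelated hosts and comparing the printed issuers shows quickly whether every connection is being signed by the same unexpected authority.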