I work in a lab environment that has a proxy somewhere on the network.
I have my VMware VM running CentOS8 and have installed the epel-latest-release package.
When I execute a generic yum update I run into problems. They are here:
[root@wsf-owt-dev001:yum.repos.d]# yum update
Extra Packages for Enterprise Linux 8 - Playground - x86_64 0.0 B/s | 0 B 00:01
Errors during downloading metadata for repository 'epel-playground':
- Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x86_64&infra=stock&content=centos [SSL certificate problem: EE certificate key too weak]
Error: Failed to download metadata for repo 'epel-playground': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x86_64&infra=stock&content=centos [SSL certificate problem: EE certificate key too weak]
I see the curl error, so I try a curl command and also run into problems:
[root@wsf-owt-dev001:yum.repos.d]# curl -v https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x86_64&infra=stock&content=centos
[1] 683465
[2] 683466
[3] 683467
[root@wsf-owt-dev001:yum.repos.d]# * Uses proxy env variable https_proxy == 'http://214.3.129.49:80'
* Trying 214.3.129.49...
* TCP_NODELAY set
* Connected to 214.3.129.49 (214.3.129.49) port 80 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to mirrors.fedoraproject.org:443
> CONNECT mirrors.fedoraproject.org:443 HTTP/1.1
> Host: mirrors.fedoraproject.org:443
> User-Agent: curl/7.61.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, bad certificate (554):
* SSL certificate problem: EE certificate key too weak
* Closing connection 0
curl: (60) SSL certificate problem: EE certificate key too weak
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
[1] Exit 60 curl -v https://mirrors.fedoraproject.org/metalink?repo=playground-epel8
[2]- Done arch=x86_64
[3]+ Done infra=stock
I don't know what to do to fix this. Can someone please explain what the problem is on a high level and then what to do about it so that I can learn from this?
Thank you,
--------------------------
Warron French
Warron French
_______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
