Client node registration

Problem:
This is a new installation where we are attempting to register a Rocky 8 node with a Foreman-Katello server. The node register command works successfully, but commands like yum install return the following error (as below).

The command yum install iotop executes successfully only when the sslverify option is set to 0 in /etc/yum.repos.d/redhat.repo.

The steps followed to register -

Has anyone faced this issue before? I am unable to find a solution and could use some guidance.

Error

nstance-test ~]# yum install iotop
Updating Subscription Management repositories.
BaseOS 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'Rocky8_BaseOS':

  • Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://…/Rocky8/custom/Rocky8/BaseOS/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]
    Error: Failed to download metadata for repo 'Rocky8_BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were trie

instance-test ca]# pwd
/etc/rhsm/ca
[instance-test ca]# ls -lt
total 20
-rw-r--r-- 1 root root 2512 Nov 27 13:47 katello-default-ca.pem
-rw-r--r-- 1 root root 2512 Nov 27 13:47 katello-server-ca.pem
-rw-r--r-- 1 root root 2305 Jun 23 2022 redhat-entitlement-authority.pem
-rw-r--r-- 1 root root 7411 Jun 23 2022 redhat-uep.pem

Expected outcome:
yum repolist or dnf repolist …gives the above error

Foreman and Proxy versions:

Foreman 3.8 ( no proxy configured)
Katello 4.10

Foreman and Proxy plugin versions:

Distribution and version:
Rocky 8.10

The subscription-manager config looks as follows from the client side.

instance-test ca]# subscription-manager config
[server]
hostname = xxxxxxx
insecure = 1
no_proxy =
port = [443]
prefix = /rhsm
proxy_hostname =
proxy_password =
proxy_port =
proxy_scheme = [http]
proxy_user =
server_timeout = [180]
ssl_verify_depth = [3]

[rhsm]
auto_enable_yum_plugins = [1]
baseurl = https://…/pulp/content/
ca_cert_dir = [/etc/rhsm/ca/]
consumercertdir = [/etc/pki/consumer]
entitlementcertdir = [/etc/pki/entitlement]
full_refresh_on_yum = 1
inotify = [1]
manage_repos = [1]
package_profile_on_trans = 1
pluginconfdir = [/etc/rhsm/pluginconf.d]
plugindir = [/usr/share/rhsm-plugins]
productcertdir = [/etc/pki/product]
repo_ca_cert = /etc/rhsm/ca/katello-server-ca.pem
repomd_gpg_url =
report_package_profile = [1]

[rhsmcertd]
auto_registration = [0]
auto_registration_interval = [60]
autoattachinterval = [1440]
certcheckinterval = [240]
disable = [0]
splay = [1]

[logging]
default_log_level = [INFO]

- Default value in use

Hi @techie

The error message looks like your host does not trust the SSL certificate of your Foreman+Katello instance. This should be done by the consumer RPM.

Can you access the Yum metadata on your host via curl?

However, this method is no longer recommended. Did you try Global Host Registration under Hosts > Register Host? See Registering a host.
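
An added example, not part of either post above and not Foreman/Katello code: a shell check of which CA file in ca_cert_dir, if any, validates the certificate the server presents. The function names, the HOST placeholder and the throwaway demo PKI (which reuses the CA file names from the listing) are assumptions constructed for illustration.

```shell
#!/bin/sh
# In real use, first save the certificate the server presents, e.g.
#   openssl s_client -connect HOST:443 -servername HOST </dev/null 2>/dev/null \
#     | openssl x509 -out server.pem
# (HOST is a placeholder for the Foreman/Katello hostname.)

# trusting_cas CERT CA_DIR: print every *.pem in CA_DIR that verifies CERT.
# Returns 1 when none does, the condition behind curl error 60
# "unable to get local issuer certificate". A chain with intermediates
# would additionally need them passed via -untrusted (not handled here).
trusting_cas() {
    cert=$1; ca_dir=$2; rc=1
    for ca in "$ca_dir"/*.pem; do
        [ -f "$ca" ] || continue
        # -no-CApath keeps the system trust directory out of the decision
        if openssl verify -no-CApath -CAfile "$ca" "$cert" >/dev/null 2>&1; then
            echo "$ca"; rc=0
        fi
    done
    return $rc
}

# make_demo_pki DIR: constructed sample data. DIR/ca holds one demo CA under
# two file names; DIR/server.pem is issued by a different CA
# (DIR/other-ca.pem) that is not yet in DIR/ca.
make_demo_pki() {
    d=$1; mkdir -p "$d/ca"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA A" \
        -keyout "$d/a.key" -out "$d/ca/katello-default-ca.pem" 2>/dev/null
    cp "$d/ca/katello-default-ca.pem" "$d/ca/katello-server-ca.pem"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA B" \
        -keyout "$d/b.key" -out "$d/other-ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=katello.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/other-ca.pem" \
        -CAkey "$d/b.key" -CAcreateserial -days 2 -out "$d/server.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo"
# No file in ca/ issued server.pem, so nothing is printed and rc is 1
trusting_cas "$demo/server.pem" "$demo/ca" || echo "no CA file validates server.pem"
cp "$demo/other-ca.pem" "$demo/ca/"   # install the actual issuer
trusting_cas "$demo/server.pem" "$demo/ca"
rm -rf "$demo"
```

On a registered client the same function can be pointed at /etc/rhsm/ca to see whether the file named in repo_ca_cert is among the ones printed.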