Hello Everybody,
I'm curious about the ssl-verification when using an https-address for the repo-option in kickstart. When I'm trying to use https I get the result "Peer cert cannot be verified or peer cert invalid" in the debug output from anaconda.
I know the cert is valid, but I guess it cant be verified against the CA anaconda is using ? I noticed in later versions (>14.19-1) of anaconda the --noverifyssl flag was added which I'm pretty sure would solve my problem.
My question really boils down to, - Can I somehow add our rootca to the CA anaconda is looking in, or make it validate our certs in some other way ?
________________________________________________________________________
Patrik Martinsson ITi
SMHI Telefon 011-4958417 Fax 011-4958350 Mobil 011-4958417 Epost patrik.martinsson@smhi.se 601 76 Norrköping Besöksadress Folkborgsvägen 1 www.smhi.se
On 12/30/2010 02:42 PM, Patrik Martinsson wrote:
Hello Everybody,
I'm curious about the ssl-verification when using an https-address for the repo-option in kickstart. When I'm trying to use https I get the result "Peer cert cannot be verified or peer cert invalid" in the debug output from anaconda.
I know the cert is valid, but I guess it cant be verified against the CA anaconda is using ? I noticed in later versions (>14.19-1) of anaconda the --noverifyssl flag was added which I'm pretty sure would solve my problem.
My question really boils down to,
- Can I somehow add our rootca to the CA anaconda is looking in, or make
it validate our certs in some other way ?
Hi,
You can add your own CA in kickstart as Marko described here: https://bugzilla.redhat.com/show_bug.cgi?id=599040#c0
Ales
anaconda-devel@lists.fedoraproject.org
-
Ales Kozumplik -
Patrik Martinsson