I work in a lab environment that has a proxy somewhere on the network.
I have my VMware VM running CentOS8 and have installed the
epel-latest-release package.
When I execute a generic *yum update *I run into problems. They are here:
[root@wsf-owt-dev001:yum.repos.d]# yum update Extra Packages for Enterprise
Linux 8 - Playground - x86_64 0.0 B/s | 0 B 00:01 Errors during downloading
metadata for repository 'epel-playground': - Curl error (60): Peer
certificate cannot be authenticated with given CA certificates for
https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch...
[SSL certificate problem: EE certificate key too weak] Error: Failed to
download metadata for repo 'epel-playground': Cannot prepare internal
mirrorlist: Curl error (60): Peer certificate cannot be authenticated with
given CA certificates for
https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch...
[SSL certificate problem: EE certificate key too weak]
I see the curl error, so I try a curl command and also run into problems:
[root@wsf-owt-dev001:yum.repos.d]# curl -v
https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch...
[1] 683465 [2] 683466 [3] 683467 [root@wsf-owt-dev001:yum.repos.d]# * Uses
proxy env variable https_proxy == 'http://214.3.129.49:80' * Trying
214.3.129.49... * TCP_NODELAY set * Connected to 214.3.129.49
(214.3.129.49) port 80 (#0) * allocate connect buffer! * Establish HTTP
proxy tunnel to mirrors.fedoraproject.org:443 > CONNECT
mirrors.fedoraproject.org:443 HTTP/1.1 > Host: mirrors.fedoraproject.org:443
User-Agent: curl/7.61.1 > Proxy-Connection: Keep-Alive > <
HTTP/1.0 200
Connection established < * Proxy replied 200 to CONNECT request *
CONNECT
phase completed! * ALPN, offering h2 * ALPN, offering http/1.1 *
successfully set certificate verify locations: * CAfile:
/etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS
handshake, Client hello (1): * CONNECT phase completed! * CONNECT phase
completed! * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN),
TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, bad
certificate (554): * SSL certificate problem: EE certificate key too weak *
Closing connection 0 curl: (60) SSL certificate problem: EE certificate key
too weak More details here:
https://curl.haxx.se/docs/sslcerts.html curl
failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above. [1] Exit 60 curl
-v
https://mirrors.fedoraproject.org/metalink?repo=playground-epel8 [2]-
Done arch=x86_64 [3]+ Done infra=stock
I don't know what to do to fix this. Can someone please explain what the
problem is on a high level and then what to do about it so that I can learn
from this?
Thank you,
--------------------------
Warron French