Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-23574

Syncing from upstream repo using certificates on Red Hat Satellite 6 fails with certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')]).

XMLWordPrintable

    • False
    • pulp_container-2.14.13, pulp_container-2.15.6, pulp_container-2.16.6, pulp_container-2.18.1
    • Moderate
    • None
    • None
    • None
    • None
    • No

      Description of problem:
      Syncing from upstream repo using certificates for authentication on Red Hat Satellite 6 fails with certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')]).

      Version-Release number of selected component (if applicable):

      How reproducible:
      Always

      Steps to Reproduce:
      1. Create a upstream registry which uses a ca , key and cert for authentication.

      Sync the repo and it fails with:

      Cannot connect to host registry.tts-trax.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')])

      Expected results:
      The sync should be successful.

      Additional info:
      It is seen that somehow pulp is ignoring the certs used in the repo configuration.

      As a workaround we need to keep the ca in /etc/pki/ca-trust/source/anchors of satellite and then run #update-ca-trust

            [SAT-23574] Syncing from upstream repo using certificates on Red Hat Satellite 6 fails with certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')]).

            Eric Helms added a comment -

            This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

            Due to differences in account names between systems, some fields were not replicated. Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

            To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "SAT-" followed by an integer. You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

            "Bugzilla Bug" = 1234567

            In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues@redhat.com. You can also visit https://access.redhat.com/articles/7032570 for general account information.

            Eric Helms added a comment - This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there. Due to differences in account names between systems, some fields were not replicated. Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information. To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "SAT-" followed by an integer. You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like: "Bugzilla Bug" = 1234567 In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues@redhat.com. You can also visit https://access.redhat.com/articles/7032570 for general account information.

            Lubos Mjachky added a comment - - edited

            It appeared this was a bug on the Pulp's side. We have just released bug fixes all the way down to pulp-container 2.14.13. The reporter is running 2.14.7. We encourage updating the instance.

            https://pypi.org/project/pulp-container/2.14.13/
            https://docs.pulpproject.org/pulp_container/en/2.14.13/changes.html

            Please, verify and package the latest release.

            Lubos Mjachky added a comment - - edited It appeared this was a bug on the Pulp's side. We have just released bug fixes all the way down to pulp-container 2.14.13. The reporter is running 2.14.7. We encourage updating the instance. https://pypi.org/project/pulp-container/2.14.13/ https://docs.pulpproject.org/pulp_container/en/2.14.13/changes.html Please, verify and package the latest release.

            Daniel Alley added a comment - - edited

            This issue needs a bit more description, it's not even clear which type of repo was used, RPM or a container registry. Can you also provide a screenshot or paste of the repo configuration details?

            Daniel Alley added a comment - - edited This issue needs a bit more description, it's not even clear which type of repo was used, RPM or a container registry. Can you also provide a screenshot or paste of the repo configuration details?

              jira-bugzilla-migration RH Bugzilla Integration
              rhn-support-smajumdar Soham Majumdar
              Shweta Singh, Vladimír Sedmík
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: