Adding --no-check-certificate to yum repositories
Solution 1
For one repo you can add the following in the repo configuration:
sslverify=0
For all repos, you can add the following to "/etc/yum.conf":
sslverify=false
Solution 2
On CentOS 7.5, running this worked:
yum-config-manager --save --setopt=<REPONAME>.sslverify=false
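One way to find every repo where certificate verification has been switched off as in Solutions 1 and 2. This is an added example, not part of the original answers: the function names audit_sslverify and demo_audit, the sample file names and the example.invalid URLs are constructed for illustration. The script treats 0, no and false as "off" and applies a [main] setting to repos that do not override it.

```shell
#!/bin/sh
# audit_sslverify FILE...   (hypothetical helper, not a yum command)
# Prints "FILE: [repo]" for every repo section whose effective sslverify is
# off, either set in the section itself or inherited from [main].
# Typical use: audit_sslverify /etc/yum.conf /etc/yum.repos.d/*.repo
audit_sslverify() {
    awk '
        FNR == 1       { sec = "" }            # sections do not span files
        /^[ \t]*[#;]/  { next }                # skip comment lines
        /^[ \t]*\[.+\]/ {
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            if (sec != "main") { n++; name[n] = FILENAME ": [" sec "]"; state[n] = "" }
            next
        }
        /^[ \t]*sslverify[ \t]*=/ {
            v = tolower($0); sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
            off = (v == "0" || v == "no" || v == "false")
            if (sec == "main") { main_off = off }
            else if (sec != "") { state[n] = (off ? "off" : "on") }
        }
        END {
            # A repo is unverified if it says so itself, or says nothing
            # while [main] turned verification off for everyone.
            for (i = 1; i <= n; i++)
                if (state[i] == "off" || (state[i] == "" && main_off)) print name[i]
        }
    ' "$@"
}

# Constructed sample files (not from the original page) to show the result.
demo_audit() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[main]' 'gpgcheck=1' 'sslverify=false' > "$d/yum.conf"
    printf '%s\n' '[repo-a]' 'baseurl=https://example.invalid/a' \
                  '[repo-b]' 'baseurl=https://example.invalid/b' 'sslverify=1' \
                  '[repo-c]' '# sslverify=1' 'sslverify = 0' > "$d/sample.repo"
    (cd "$d" && audit_sslverify yum.conf sample.repo)
    rm -rf "$d"
}
```

In the constructed sample, repo-a is reported because it inherits the global setting, repo-c because it disables verification itself, and repo-b is not reported because it turns verification back on.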
Solution 3
The SSL check is there for a reason. It is really dangerous to disable the SSL certificate check. I prefer this approach: One of my customers' environments is not set up properly, where the SSL certificate of the proxy server signs every SSL cert of every site. To verify that this is the problem, I run
curl https://www.google.com
It fails, so, get the certificate with one command using openssl-client
openssl s_client -showcerts -servername www.google.com -connect www.google.com:443 > cacert.pem
The big file has the server cert in the middle; copy it and save it to a new file, which we will call mycert.pem. The cert starts with Begin Certificate and ends with End of Certificate.
Let's test it to verify
curl https://www.google.com --cacert mycert.pem
If it works, then the problem is resolved. All we need to do is add it to the repository that curl uses as its trusted repository. To get the location of the certificates, do the following
strace curl https://www.google.com |& grep open
Lots of output, but right near the end I see: open("/etc/ssl/certs/578d5c04.0", O_RDONLY) = 4
Which is where my certificates are stored. Then simply append the file obtained earlier.
echo "# Added by me, the client's certificate" >> /etc/pki/tls/certs/ca-bundle.crt
cat mycert.pem >> /etc/pki/tls/certs/ca-bundle.crt
Then test again with curl, now without the certificate as an option
curl https://www.google.com
It should get the certificate.
mahmood
Updated on September 18, 2022
Comments
-
mahmood almost 2 years
I have added virtio-win.repo according to this guide. The content of /etc/yum.repo.d/virtio-win.repo is now
[virtio-win-stable]
name=virtio-win builds roughly matching what was shipped in latest RHEL
baseurl=http://fedorapeople.org/groups/virt/virtio-win/repo/stable
enabled=1
skip_if_unavailable=1
gpgcheck=0
[virtio-win-latest]
[virtio-win-source]
The last two [] have similar options as the first (which are not my problem). Now, when I run yum makecache, I get this error
http://fedorapeople.org/groups/virt/virtio-win/repo/stable/repodata/repomd.xml: [Errno 14] problem making ssl connection
I tried running
wget http://fedorapeople.org/groups/virt/virtio-win/repo/stable/repodata/repomd.xml
manually, but it recommends me to add --no-check-certificate to wget, which will solve the problem. I want to know how can I add that option in the /etc/yum.repo.d/virtio-win.repo?
-
mahmood about 8 years
No. it has no effect
-
davidgo about 8 years
Try also changing back to https for the URL. Be aware that by changing sslverify to off you are forgoing protection against MITM attacks.
-
Pablo Fallas over 4 years
Do you guys know if this applies to scenarios where I'm trying to disable SSL for URLs: I'm trying to run yum install <URL>, but disabling sslverify in the yum.conf doesn't seem to do the trick.
-
peterh about 4 years
Why? I think nss has nothing to do with that. It is about resolving names (mostly, hostnames).
-
Michael about 4 years
URL : mozilla.org/projects/security/pki/nss
Summary : Network Security Services
Description : Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
-
user674669 almost 4 years
Worked great for me on CentOS Linux release 7.2.1511.