Adding --no-check-certificate to yum repositories

Solution 1

For one repo you can add the following in the repo configuration:

sslverify=0

For all repos, you can add the following to "/etc/yum.conf":

sslverify=false

Solution 2

On CentOS 7.5, running this worked:

yum-config-manager --save --setopt=<REPONAME>.sslverify=false
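To see which repositories the settings from Solutions 1 and 2 currently affect, here is an added example (not part of any answer on this page) that reports every repo whose effective sslverify is off, including repos that only inherit it from [main]. The repo ids, URLs and file names in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Lists yum repos whose effective
# sslverify is off. A repo's own setting wins; otherwise [main] applies;
# yum's built-in default is on. The values 0/no/false are read as "off".
# Output: repo-id <TAB> file <TAB> origin of the setting (repo|main).
audit_sslverify() {
    awk '
    function norm(s) {
        s = tolower(s)
        if (s ~ /^(0|no|false)$/) return "off"
        if (s ~ /^(1|yes|true)$/) return "on"
        return ""
    }
    FNR == 1 { sect = "" }                  # sections do not span files
    /^[ \t]*[#;]/ { next }                  # comment line
    /^[ \t]*\[.*\]/ {                       # [section] header
        sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        if (sect != "main" && !(sect in src)) { order[++n] = sect; src[sect] = FILENAME }
        next
    }
    sect != "" && /^[ \t]*sslverify[ \t]*=/ {
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
        v[sect] = norm(val)
    }
    END {
        dflt = (v["main"] == "off") ? "off" : "on"
        for (i = 1; i <= n; i++) {
            s = order[i]
            eff = (v[s] != "") ? v[s] : dflt
            if (eff == "off")
                printf "%s\t%s\t%s\n", s, src[s], (v[s] != "" ? "repo" : "main")
        }
    }' "$@"
}

# Constructed sample files (hypothetical repo ids), written under directory $1.
make_sample() {
    printf '[main]\ngpgcheck=1\nsslverify=false\n' > "$1/yum.conf"
    printf '[base]\nbaseurl=https://mirror.example/base\nsslverify=1\n\n[internal]\nbaseurl=https://repo.example/internal\n' > "$1/a.repo"
    printf '[extras]\n# sslverify=1\nsslverify = 0\n' > "$1/b.repo"
}

d=$(mktemp -d) && make_sample "$d"
audit_sslverify "$d/yum.conf" "$d/a.repo" "$d/b.repo"
rm -rf "$d"
```

On a real host, pass /etc/yum.conf followed by the repo files; a line marked "main" means the repo never set sslverify itself and lost verification through the global setting.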

Solution 3

The SSL check is there for a reason. It is really dangerous to disable the SSL certificate check. I prefer this approach: one of my customers' environments is not set up properly, where the SSL certificate of the proxy server signs every SSL cert of every site. To verify that this is the problem, I run

curl https://www.google.com

It fails, so get the certificate with one command using openssl-client:

openssl s_client -showcerts -servername www.google.com -connect www.google.com:443 </dev/null > cacert.pem

The big file has the server cert in the middle; copy it and save it to a new file, which we will call mycert.pem. The cert starts with Begin Certificate and ends with End of Certificate.

Let's test it to verify

curl https://www.google.com --cacert mycert.pem

If it works, then the problem is resolved. All we need to do is add it to the repository that curl uses as its trusted repository. To get the location of the certificates, do the following:

strace curl https://www.google.com |& grep open

Lots of output, but right near the end I see: open("/etc/ssl/certs/578d5c04.0", O_RDONLY) = 4

Which is where my certificates are stored. Then simply append the file obtained earlier.

echo "# Added by me, the client's certificate" >> /etc/pki/tls/certs/ca-bundle.crt
cat mycert.pem >> /etc/pki/tls/certs/ca-bundle.crt

Then test again with curl, now without the certificate as an option:

curl https://www.google.com

It should get the certificate.

Author: mahmood

Updated on September 18, 2022

Comments

  • mahmood
    mahmood almost 2 years

    I have added virtio-win.repo according to this guide. The content of /etc/yum.repo.d/virtio-win.repo is now

    [virtio-win-stable]
    name=virtio-win builds roughly matching what was shipped in latest RHEL
    baseurl=http://fedorapeople.org/groups/virt/virtio-win/repo/stable
    enabled=1
    skip_if_unavailable=1
    gpgcheck=0
    
    [virtio-win-latest]
    [virtio-win-source]
    

    The last two [] have similar options as the first (which are not my problem). Now, when I run yum makecache, I get this error

    http://fedorapeople.org/groups/virt/virtio-win/repo/stable/repodata/repomd.xml: [Errno 14] problem making ssl connection
    

    I tried running wget http://fedorapeople.org/groups/virt/virtio-win/repo/stable/repodata/repomd.xml manually, but it recommends that I add --no-check-certificate to wget, which will solve the problem.

    I want to know how I can add that option in /etc/yum.repo.d/virtio-win.repo.

  • mahmood
    mahmood about 8 years
    No, it has no effect.
  • davidgo
    davidgo about 8 years
    Try also changing back to https for the URL. Be aware that by changing sslverify to off you are forgoing protection against MITM attacks.
  • Pablo Fallas
    Pablo Fallas over 4 years
    Do you guys know if this applies to scenarios where I'm trying to disable SSL for URLs? I'm trying to run yum install <URL>, but disabling sslverify in yum.conf doesn't seem to do the trick.
  • peterh
    peterh about 4 years
    Why? I think nss has nothing to do with that. It is about resolving names (mostly hostnames).
  • Michael
    Michael about 4 years
    URL : mozilla.org/projects/security/pki/nss Summary : Network Security Services Description : Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
  • user674669
    user674669 almost 4 years
    Worked great for me on CentOS Linux release 7.2.1511.