Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Azure RedHat vm yum update fails with "SSL peer rejected your certificate as expired."

Tags:

redhat

yum

azure

I just started a Standard RedHat 7 VM on Azure.

I login and type:

sudo yum update

and get:

Loaded plugins: langpacks, product-id, search-disabled-repos
https://rhui-3.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/debug/repodata/repomd.xml:
[Errno 14] curl#58 - "SSL peer rejected your certificate as expired."
Trying other mirror.
https://rhui-1.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/debug/repodata/repomd.xml:
[Errno 14] curl#58 - "SSL peer rejected your certificate as expired."
Trying other mirror.
...

I thought that the PAYG license include updates? Or is the current image broken? Tried the 7.4 image too?

like image 879
Robin Owens Avatar asked Nov 22 '18 18:11

Robin Owens


5 Answers

From MSDN, you can run this command to update the RHUI client certificate on the Azure RedHat VM:

sudo yum update -y --disablerepo='*' --enablerepo='*microsoft*'

And now you should be able to download/update packages packages without the SSL peer rejected your certificate as expired error.

Tested this on Azure RedHat Enterprise Linux 7.3 and it works fine for me.

like image 98
RoadRunner Avatar answered Nov 19 '22 19:11

RoadRunner


I ran into this issue previously and the workaround provided by Azure support was to run the following commands:

wget  https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel7/rhui-azure-rhel7-2.2-74.noarch.rpm
sudo rpm -U rhui-azure-rhel7-2.2-74.noarch.rpm
sudo yum clean all
sudo yum repolist
like image 35
Icehorn Avatar answered Nov 19 '22 21:11

Icehorn


I also faced same issue yesterday. I referred to following links on Redhat Support Portal.

  • https://access.redhat.com/articles/3189332 (for instructions to link Azure account with RH Portal and register for portal,
  • (registration must) https://access.redhat.com/solutions/3167021

Though my problem didn't got resolved from the above post after following instructions as it is, after taking cue from the problem description, following worked for me. In my case, older version of "rhui-azure-rhel7" RPM was installed on VM I had setup few weeks back where I was facing same issue as yours.

curl -o azureclient.rpm https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel7/rhui-azure-rhel7-2.2-74.noarch.rpm
rpm -U azureclient.rpm

Hope this helps.

like image 12
Kishan Parekh Avatar answered Nov 19 '22 20:11

Kishan Parekh


You need to update the RHUI certificate using the Microsoft-provided RPM.

RHEL 6:

   $ curl -o azureclient.rpm https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel6/Packages/r/rhui-azure-rhel6-2.2-97.noarch.rpm
    $ sudo rpm -U azureclient.rpm
    $ sudo yum clean all
    $ sudo yum repolist all

RHEL 7:

    $ curl -o azureclient.rpm https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel7/Packages/r/rhui-azure-rhel7-2.2-97.noarch.rpm
    $ sudo rpm -U azureclient.rpm
    $ sudo yum clean all
    $ sudo yum repolist all

Root Cause: The certificate for the RHUI client is no longer valid and needs to be updated.

like image 4
ser9231 33213 Avatar answered Nov 19 '22 21:11

ser9231 33213


If you can't download rhui-azure-rhel7-2.2-74.noarch.rpm using wget, you can use a manual update procedure. Worked for me.

This one:

https://learn.microsoft.com/en-us/azure/virtual-machines/linux/update-infrastructure-redhat#manual-update-procedure-to-use-the-azure-rhui-servers

Shortly, it is:

# Download key
curl -o RPM-GPG-KEY-microsoft-azure-release https://download.microsoft.com/download/9/D/9/9d945f05-541d-494f-9977-289b3ce8e774/microsoft-sign-public.asc

# Validate it
# keyid must be EB3E94ADBE1229CF
# user ID must be "Microsoft (Release signing) <[email protected]>"
gpg --list-packets --verbose < RPM-GPG-KEY-microsoft-azure-release

# Install it
sudo install -o root -g root -m 644 RPM-GPG-KEY-microsoft-azure-release /etc/pki/rpm-gpg
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-microsoft-azure-release

Then you will be able to download and install rpm of Azure client (if needed)

# RHEL 6
curl -o azureclient.rpm https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel6/Packages/r/rhui-azure-rhel6-2.2-74.noarch.rpm

# RHEL 7
curl -o azureclient.rpm https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel7/Packages/r/rhui-azure-rhel7-2.2-74.noarch.rpm

# Install
sudo rpm -U azureclient.rpm
like image 3
Yuriy Shestakov Avatar answered Nov 19 '22 20:11

Yuriy Shestakov