SSL CA cert (path? access rights?)

Question

I am using CentOs 6.6 64bit, and have a problem when using curl. The server primarily hosts several wordpress blogs using apache and mysql.

My simplest means to generate the error is with the following yum command which outputs the below

yum list "ca-certi*"

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 error was
14: PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
 * base: cosmos.cites.illinois.edu
 * epel: mirror.cogentco.com
 * extras: mirrors.rit.edu
 * updates: mirrors.rit.edu
Installed Packages
ca-certificates.noarch                 2014.1.98-65.1.el6                  @base

Soutions tried and failed so far based from googling around

1) I have tried restarting the VPS, no good

2) Executing curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt without any luck

3) This solution was no good at all, as it relies on yum to solve the SSL problem that yum also suffers http://syslint.com/syslint/curl-77-problem-with-the-ssl-ca-cert-path-access-rights-solved/

Can I run these yum steps to install with wget?, would you think it would help?

# yum reinstall ca-certificates

# yum reinstall openssl

I think virtualmin had installed some updates in the last 24 hours, is there a log of updates it ran somewhere?

Can anyone please help get around this "Problem with the SSL CA cert (path? access rights?)" problem.

TIA

Answer 1

More easy solution for centos 6/7. Remove ca and reinstall certificate.

rm -f /etc/ssl/certs/ca-bundle.crt && yum reinstall -y ca-certificates

Problem that if you just only reinstall certs. This will dont replace ca-bundle. Leave it new with .rpmnew name.

Answer 2

this worked for me : centos 6

mkdir /usr/src/ca-certificates && cd /usr/src/ca-certificates

wget http://mirror.centos.org/centos/6/os/x86_64/Packages/ca-certificates-2015.2.6-65.0.1.el6_7.noarch.rpm

rpm2cpio ca-certificates-2015.2.6-65.0.1.el6_7.noarch.rpm | cpio -idmv

cp -pi ./etc/pki/tls/certs/ca-bundle.* /etc/pki/tls/certs/

do yes to override

to check :

curl -vvv https://www.unixy.net

Answer 3

Solution from here https://www.virtualmin.com/node/35857

nss-softokn breaks yum/rpm in CentOS 6 In order to fix it do the following:

wget http://mirror.centos.org/centos/6/updates/x86_64/Packages/nss-softokn-fr...

rpm2cpio nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm | cpio -idmv

cd lib64

cp libfreeblpriv3.* /lib64

yum update # sync new repo package