Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSL CA cert (path? access rights?)

I am using CentOs 6.6 64bit, and have a problem when using curl. The server primarily hosts several wordpress blogs using apache and mysql.

My simplest means to generate the error is with the following yum command which outputs the below

yum list "ca-certi*"

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 error was
14: PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
 * base: cosmos.cites.illinois.edu
 * epel: mirror.cogentco.com
 * extras: mirrors.rit.edu
 * updates: mirrors.rit.edu
Installed Packages
ca-certificates.noarch                 2014.1.98-65.1.el6                  @base

Soutions tried and failed so far based from googling around

1) I have tried restarting the VPS, no good

2) Executing curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt without any luck

3) This solution was no good at all, as it relies on yum to solve the SSL problem that yum also suffers http://syslint.com/syslint/curl-77-problem-with-the-ssl-ca-cert-path-access-rights-solved/

Can I run these yum steps to install with wget?, would you think it would help?

# yum reinstall ca-certificates

# yum reinstall openssl

I think virtualmin had installed some updates in the last 24 hours, is there a log of updates it ran somewhere?

Can anyone please help get around this "Problem with the SSL CA cert (path? access rights?)" problem.

TIA

like image 591
BradMcA Avatar asked Jan 16 '15 15:01

BradMcA


3 Answers

More easy solution for centos 6/7. Remove ca and reinstall certificate.

rm -f /etc/ssl/certs/ca-bundle.crt && yum reinstall -y ca-certificates

Problem that if you just only reinstall certs. This will dont replace ca-bundle. Leave it new with .rpmnew name.

like image 146
otakuf Avatar answered Oct 11 '22 03:10

otakuf


this worked for me : centos 6

mkdir /usr/src/ca-certificates && cd /usr/src/ca-certificates

wget http://mirror.centos.org/centos/6/os/x86_64/Packages/ca-certificates-2015.2.6-65.0.1.el6_7.noarch.rpm

rpm2cpio ca-certificates-2015.2.6-65.0.1.el6_7.noarch.rpm | cpio -idmv

cp -pi ./etc/pki/tls/certs/ca-bundle.* /etc/pki/tls/certs/

do yes to override

to check :

curl -vvv https://www.unixy.net

like image 23
batchenr Avatar answered Oct 11 '22 03:10

batchenr


Solution from here https://www.virtualmin.com/node/35857

nss-softokn breaks yum/rpm in CentOS 6 In order to fix it do the following:

wget http://mirror.centos.org/centos/6/updates/x86_64/Packages/nss-softokn-fr...

rpm2cpio nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm | cpio -idmv

cd lib64

cp libfreeblpriv3.* /lib64

yum update # sync new repo package

like image 31
BradMcA Avatar answered Oct 11 '22 01:10

BradMcA