Home / server / Questions / 811179
Accepted
Anthony Fornito
Asked: 2016-10-26 06:22:54 +0800 CST

Disable SSL check rpm

  • 772

When trying to run any rpm command I get the follow error. I am not sure why i am getting a curl error but i have tried many different options which have all failed.

Running CentOS7 and behind a proxy

[root@CentOS7]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
error: skipping https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - transfer failed

So I ran a check as per a website that I think worked.

[root@CentOS7]# curl -k https://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>

I am behind an proxy and ran the export command.

export https_proxy=https://USERNAME:[email protected]:8080/

My question(s) are:

  1. What is the equivalent of curl -k to rpm?

  2. Is there an curl.config somewhere i can tell curl to not check for ssl certs? I have read this is a bad idea but I have tested the two repos on a different server that did not give me the error also not behind the proxy.

  3. Im not exactly sure the relationship of rpm to curl, but i am assuming because i am getting a curl error that curl is the one giving the error?

I did RTM for both rpm and curl and cannot figure out what needs to be done. I did read somewhere i need to import the keys or something but im not sure what i am suppose to be doing there either.

ssl rpm centos7 curl

1 Answers

  1. Best Answer

    What you would need to do is:

    wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

    If you still get an SSL warning try:

    wget --no-check-certificate https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

    Then you can

    rpm -Uvh webtatic-release.rpm

    Which should show up here:

    ll /etc/yum.repos.d
    • 16