SSL certification issue registering against local SMT

SUSE Product Topics SLES Updates
1

Hi,

While trying to register a client to a local SMT server with clientSetup4SMT.sh, I’m getting a ‘curl’ error and server don’t register. I’ve read the issue may be related to expiration of certificates, but can’t find for sure how to get this solved so we can start updating the server

Here’s the output on registration:

clientSetup4SMT.sh https://patchsrv01/center/regsvc/ --regcert http://patchsrv01/smt.crt

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
SN
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, CN=YaST Default CA (srv-parche)/emailAddress=postmaster@my.net
Validity
Not Before: Sep 24 17:45:41 2009 GMT
Not After : Sep 22 17:45:41 2019 GMT
Subject: C=US, CN=YaST Default CA (srv-parche)/emailAddress=postmaster@my.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
MODULUS
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Netscape Comment:
YaST Generated CA Certificate
Netscape Cert Type:
SSL CA, S/MIME CA
X509v3 Key Usage:
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:

        X509v3 Authority Key Identifier: 
            keyid:
            DirName:/C=US/CN=YaST Default CA (srv-parche)/emailAddress=postmaster@my.net
            serial:

        X509v3 Subject Alternative Name: 
            email:postmaster@my.net
        X509v3 Issuer Alternative Name: 
            email:postmaster@my.net
Signature Algorithm: sha1WithRSAEncryption

SIGNATURE
Do you accept this certificate? [y/n] y
Client setup finished.
Start the registration now? [y/n] y
/usr/bin/suse_register -i -L /root/.suse_register.log
Execute curl command failed with ‘60’:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.

Thanks in advance

2

isgleas wrote:
[color=blue]

While trying to register a client to a local SMT server with
clientSetup4SMT.sh, I’m getting a ‘curl’ error and server don’t
register.[/color]

I would suggest you look at the Knowledgebase.
http://www.suse.com/support/kb/

Here are two documents that deal with curl 60 errors.

http://www.suse.com/support/kb/doc.php?id=7002146
http://www.suse.com/support/kb/doc.php?id=7010008


Kevin Boyle - Knowledge Partner
If you find this post helpful and are using the web interface,
show your appreciation and click on the star below…