Hi,
While trying to register a client to a local SMT server with clientSetup4SMT.sh, I’m getting a ‘curl’ error and server don’t register. I’ve read the issue may be related to expiration of certificates, but can’t find for sure how to get this solved so we can start updating the server
Here’s the output on registration:
clientSetup4SMT.sh https://patchsrv01/center/regsvc/ --regcert http://patchsrv01/smt.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
SN
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, CN=YaST Default CA (srv-parche)/emailAddress=postmaster@my.net
Validity
Not Before: Sep 24 17:45:41 2009 GMT
Not After : Sep 22 17:45:41 2019 GMT
Subject: C=US, CN=YaST Default CA (srv-parche)/emailAddress=postmaster@my.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
MODULUS
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Netscape Comment:
YaST Generated CA Certificate
Netscape Cert Type:
SSL CA, S/MIME CA
X509v3 Key Usage:
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
X509v3 Authority Key Identifier:
keyid:
DirName:/C=US/CN=YaST Default CA (srv-parche)/emailAddress=postmaster@my.net
serial:
X509v3 Subject Alternative Name:
email:postmaster@my.net
X509v3 Issuer Alternative Name:
email:postmaster@my.net
Signature Algorithm: sha1WithRSAEncryption
SIGNATURE
Do you accept this certificate? [y/n] y
Client setup finished.
Start the registration now? [y/n] y
/usr/bin/suse_register -i -L /root/.suse_register.log
Execute curl command failed with ‘60’:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
Thanks in advance