AIX Open Source


/var/ssl/certs not being created during BOS?

  • 1.  /var/ssl/certs not being created during BOS?

    Posted Thu April 13, 2023 03:20 AM
    Edited by Ayappan P Tue April 18, 2023 09:56 AM

    Hi folks!  I've been running into this issue for a few weeks/months now and I've not seen any definitive fix for it.  I first noticed it when running "yum update," and the issue persists when I started using DNF instead of YUM:

    #  dnf update
    AIX generic repository                          0.0  B/s |   0  B     00:00
    Errors during downloading metadata for repository 'AIX_Toolbox':
      - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [SSL certificate problem: self signed certificate in certificate chain]
    Error: Failed to download metadata for repo 'AIX_Toolbox': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
    AIX noarch repository                           0.0  B/s |   0  B     00:00
    Errors during downloading metadata for repository 'AIX_Toolbox_noarch':
      - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml [SSL certificate problem: self signed certificate in certificate chain]
    Error: Failed to download metadata for repo 'AIX_Toolbox_noarch': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
    Ignoring repositories: AIX_Toolbox, AIX_Toolbox_noarch
    Dependencies resolved.
    Nothing to do.
    Complete!


    The fix for this has been to manually create /var/ssl/certs and force-reinstall ca-certificates, after which the command runs fine.  I've seen mention that more recent versions of OpenSSL have resolved this issue, but I am installing the most recent versions of the following software for this RTE BOSINST (7300-01-01-2246):

    DNF (and all pre-reqs)
    OpenSSL (I've tried both 1.1.2.2000 and 3.0.8.1000)

    And I still have this issue today.  Any insight into a fix for this would be most welcome.  Let me know if you need any more info from me, and thanks in advance!



    ------------------------------
    Chuck Kuykendall
    ------------------------------
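
A pre-flight check for the condition the post describes, as an added example that is not part of the original post or of IBM's tooling: it classifies the CA directory as missing, empty or populated, so a post-install script can flag the state before dnf fails certificate verification. The function names and the PEM-marker test are assumptions of this example; /var/ssl/certs is the path named in the post.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not AIX or OpenSSL tooling).
# Classifies a CA certificate directory; default is the path from the post.

ca_dir_state() {
    dir=${1:-/var/ssl/certs}
    if [ ! -d "$dir" ]; then
        echo missing
        return 0
    fi
    # Look for at least one PEM certificate in any regular file
    # (or symlink to one) directly inside the directory.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null) || n=0
        if [ "$n" -gt 0 ]; then
            echo populated
            return 0
        fi
    done
    # Directory exists but holds no PEM certificates.
    echo empty
}

report_ca_dir() {
    dir=${1:-/var/ssl/certs}
    case "$(ca_dir_state "$dir")" in
        missing)
            echo "$dir does not exist: create it and reinstall ca-certificates" ;;
        empty)
            echo "$dir has no PEM certificates: reinstall ca-certificates" ;;
        populated)
            echo "$dir contains CA certificates" ;;
    esac
}

report_ca_dir "$@"
```

Run with no argument to check /var/ssl/certs, or pass another directory to check a different trust store location.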