Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power


#Power

 View Only
Back to discussions
Expand all | Collapse all

/var/ssl/certs not being created during BOS?

  • 1.  /var/ssl/certs not being created during BOS?

    Posted Thu April 13, 2023 03:20 AM
    Edited by Ayappan P Tue April 18, 2023 09:56 AM

    Hi folks!  I've been running into this issue for a few weeks/months now and I've not seen any definitive fix for it.  I first noticed it when running "yum update," and the issue persists when I started using DNF instead of YUM:

    #  dnf update
    AIX generic repository                          0.0  B/s |   0  B     00:00
    Errors during downloading metadata for repository 'AIX_Toolbox':
      - Curl error (60): SSL peer certificate or SSH remote key was not OK for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [SSL certificate problem: self signed certificate in certificate chain]
    Error: Failed to download metadata for repo 'AIX_Toolbox': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
    AIX noarch repository                           0.0  B/s |   0  B     00:00
    Errors during downloading metadata for repository 'AIX_Toolbox_noarch':
      - Curl error (60): SSL peer certificate or SSH remote key was not OK for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml [SSL certificate problem: self signed certificate in certificate chain]
    Error: Failed to download metadata for repo 'AIX_Toolbox_noarch': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
    Ignoring repositories: AIX_Toolbox, AIX_Toolbox_noarch
    Dependencies resolved.
    Nothing to do.
    Complete!


    The fix for this has been to manually create /var/ssl/certs and force-reinstall ca-certificates, after which the command runs fine.  I've seen mention that more recent versions of OpenSSL have resolved this issue, but I am installing the most recent versions of the following software for this RTE BOSINST (7300-01-01-2246):

    DNF (and all pre-reqs)
    OpenSSL (I've tried both 1.1.2.2000 and 3.0.8.1000)

    And I still have this issue today.  Any insight into a fix for this would be most welcome.  Let me know if you need any more info from me, and thanks in advance!



    ------------------------------
    Chuck Kuykendall
    ------------------------------


    #AIXOpenSource


Related Content