Power

 View Only

 SSL peer certificate or SSH remote key issue with public.dhe.ibm.com

Tai Morris's profile image
Tai Morris posted Tue January 14, 2025 04:11 PM

Hello,

When I try to use dnf on an AIX 7.3 TL3 system, I get

Errors during downloading metadata for repository 'AIX_Toolbox':
  - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [SSL certificate problem: self signed certificate in certificate chain]

I have set up certificates like I have on other AIX 7 systems, but only this one complains.

Thank you!

Tai Morris's profile image
Tai Morris posted Fri January 17, 2025 02:16 PM

I finally got it to work by adding

sslverify=False

to the [main] stanza in /opt/freeware/dnf/etc/dnf.conf.

Tai Morris's profile image
Tai Morris posted Wed January 22, 2025 08:59 AM

The root cause appears to be that the ca-certificates RPM did not install because the dnf_aixtoolbox.sh script is not able to download the dnf_bundle_aix_73.tar bundle because ... the ca-certificates RPM is not installed. Got a chicken-and-egg situation now. The line

export PERL_LWP_SSL_VERIFY_HOSTNAME=0

used to allow lwp-download to download dnf_bundle_aix_73.tar in dnf_aixtoolbox.sh, but it's not working on AIX 7.3 TL3.