Azure RedHat vm yum update fails with "SSL peer rejected your certificate as expired."

Asked 22/11, 2018 at 18:25 Answered 24/5, 2020 at 5:36

I just started a Standard RedHat 7 VM on Azure.

I login and type:

sudo yum update

and get:

Loaded plugins: langpacks, product-id, search-disabled-repos
https://rhui-3.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/debug/repodata/repomd.xml:
[Errno 14] curl#58 - "SSL peer rejected your certificate as expired."
Trying other mirror.
https://rhui-1.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/debug/repodata/repomd.xml:
[Errno 14] curl#58 - "SSL peer rejected your certificate as expired."
Trying other mirror.
...

I thought that the PAYG license include updates? Or is the current image broken? Tried the 7.4 image too?

Volva answered 22/11, 2018 at 18:25 Comment(3)

Take a look this. Maybe it's helpful. – Thermoelectrometer 23/11, 2018 at 1:54

Also, you could run the command with root. – Thermoelectrometer 23/11, 2018 at 2:11

This is also affecting me, Azure RHEL VM and it's only started happening in the past few days. I'm going to lodge a support ticket with Microsoft. – Aiglet 23/11, 2018 at 8:2

From MSDN, you can run this command to update the RHUI client certificate on the Azure RedHat VM:

sudo yum update -y --disablerepo='*' --enablerepo='*microsoft*'

And now you should be able to download/update packages packages without the SSL peer rejected your certificate as expired error.

Tested this on Azure RedHat Enterprise Linux 7.3 and it works fine for me.

Bolshevist answered 24/5, 2020 at 5:36 Comment(2)

This should be the accepted answer. It is the official solution. – Sanative 5/1, 2021 at 18:40

Confirmed this is the only needed step, in Jan 2022 on a RHEL 7.9 VM. – Karb 25/1, 2022 at 14:0

I also faced same issue yesterday. I referred to following links on Redhat Support Portal.

https://access.redhat.com/articles/3189332 (for instructions to link Azure account with RH Portal and register for portal,
(registration must) https://access.redhat.com/solutions/3167021

Though my problem didn't got resolved from the above post after following instructions as it is, after taking cue from the problem description, following worked for me. In my case, older version of "rhui-azure-rhel7" RPM was installed on VM I had setup few weeks back where I was facing same issue as yours.

curl -o azureclient.rpm https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel7/rhui-azure-rhel7-2.2-74.noarch.rpm
rpm -U azureclient.rpm

Hope this helps.

Ladd answered 23/11, 2018 at 11:18 Comment(2)

This is the correct answer. RHEL machines use client certificates to authenticate to to the Red Hat Update Infrastructure. That cert has expired and needs a manual update via the package rhui-azure-rhel7, and the exact version number gets updated over time. – Undertaker 26/11, 2018 at 16:40

Thanks! A more direct form worked for me too: rpm -Uvh https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel7/rhui-azure-rhel7-2.2-74.noarch.rpm – Klepac 28/11, 2018 at 22:38

I ran into this issue previously and the workaround provided by Azure support was to run the following commands:

wget  https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel7/rhui-azure-rhel7-2.2-74.noarch.rpm
sudo rpm -U rhui-azure-rhel7-2.2-74.noarch.rpm
sudo yum clean all
sudo yum repolist

Hegira answered 7/1, 2019 at 1:54 Comment(0)

You need to update the RHUI certificate using the Microsoft-provided RPM.

RHEL 6:

   $ curl -o azureclient.rpm https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel6/Packages/r/rhui-azure-rhel6-2.2-97.noarch.rpm
    $ sudo rpm -U azureclient.rpm
    $ sudo yum clean all
    $ sudo yum repolist all

RHEL 7:

    $ curl -o azureclient.rpm https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel7/Packages/r/rhui-azure-rhel7-2.2-97.noarch.rpm
    $ sudo rpm -U azureclient.rpm
    $ sudo yum clean all
    $ sudo yum repolist all

Root Cause: The certificate for the RHUI client is no longer valid and needs to be updated.

Hydroxide answered 27/9, 2019 at 12:10 Comment(0)

If you can't download rhui-azure-rhel7-2.2-74.noarch.rpm using wget, you can use a manual update procedure. Worked for me.

This one:

https://learn.microsoft.com/en-us/azure/virtual-machines/linux/update-infrastructure-redhat#manual-update-procedure-to-use-the-azure-rhui-servers

Shortly, it is:

# Download key
curl -o RPM-GPG-KEY-microsoft-azure-release https://download.microsoft.com/download/9/D/9/9d945f05-541d-494f-9977-289b3ce8e774/microsoft-sign-public.asc

# Validate it
# keyid must be EB3E94ADBE1229CF
# user ID must be "Microsoft (Release signing) <[email protected]>"
gpg --list-packets --verbose < RPM-GPG-KEY-microsoft-azure-release

# Install it
sudo install -o root -g root -m 644 RPM-GPG-KEY-microsoft-azure-release /etc/pki/rpm-gpg
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-microsoft-azure-release

Then you will be able to download and install rpm of Azure client (if needed)

# RHEL 6
curl -o azureclient.rpm https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel6/Packages/r/rhui-azure-rhel6-2.2-74.noarch.rpm

# RHEL 7
curl -o azureclient.rpm https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel7/Packages/r/rhui-azure-rhel7-2.2-74.noarch.rpm

# Install
sudo rpm -U azureclient.rpm

Stonefly answered 15/5, 2019 at 11:17 Comment(1)

Please Take the Tour , and be sure with your answer link While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. how to answer – Abbasid 15/5, 2019 at 11:23

-3

Try run sudo yum upgrade and then you should be able to have this working

SSL expire issue on Azure RHEL 7 before can be easily brushed out by running sudo yum upgrade to force refreshing these certs.

Runck answered 22/11, 2018 at 23:43 Comment(0)

Recommended topics

Hot tags