SUSE Manager/Unable to get local issuer certificate

From MicroFocusInternationalWiki
Jump to: navigation, search

SUSE Manager Main Page

Unable to get local issuer certificate

Customer reported that after registering and updating the SLES12 SPx server, he could not use zypper anymore. E.g. when running a: zypper ref The following error occurred:

   # zypper ref
   Refreshing service 'spacewalk'.
   Download (curl) error for 'https://s96lnxpr00.emea.isn.corpintra.net/XMLRPC/GET-REQ/sles-12-sp1-201602-dai-os-dai-x86_64-sles-12-sp1-sles/repodata/repomd.xml?head_requests=no&timeout=600':
   Error code: Unrecognized error
   Error message: SSL certificate problem: unable to get local issuer certificate

After some research we found the problem:

The customer is using an "old" bootstrap script to register the SLES12 SPx server. For this customer the root cause was a not-updated SUSE Manager Proxy.

The problem with older bootstrap scripts is that it creates a link of the certificate in /etc/ssl/certs/ and not in /etc/pki/trust/anchors followed by /usr/sbin/update-ca-certificates.