Oracle Linux VSA OS Security Updates

Question

Hi,We get error message when trying to do OS Security updates on VSA’s running Oracle Linux 9. Has anyone else encountered this issue?command: sudo dnf makecacheResult: Oracle Linux 9 BaseOS Latest (x86_64)                                                                                                                                                             Errors during downloading metadata for repository 'ol9_baseos_latest':  - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://yum.oracle.com/repo/OracleLinux/OL9/baseos/latest/x86_64/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]Error: Failed to download metadata for repo 'ol9_baseos_latest': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried ThanksPPS

Kalaivanan · Accepted Answer

Hi ​@PPSAs a workaround, you can run the below command to bypass the SSL validation.sudo dnf makecache --setopt=sslverify=falseAs a permanent fix, install your organization’s root/intermediate CA certificate into the system trust store (/etc/pki/ca-trust/source/anchors/) and run (update-ca-trust extract).This ensures Oracle Linux can validate the SSL chain properly, allowing dnf to work without disabling sslverify.Reference:https://www.redhat.com/en/blog/configure-ca-trust-list?utm

Mirko Mastri · Answer

Try this:https://forums.oracle.com/ords/apexds/post/curl-60-peer-s-certificate-issuer-is-not-recognized-6108

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded