Hello Everybody,



I'm curious about the ssl-verification when using an https-address for the repo-option in kickstart.

When I'm trying to use https I get the result "Peer cert cannot be verified or peer cert invalid" in the debug output from anaconda.



I know the cert is valid, but I guess it cant be verified against the CA anaconda is using ?

I noticed in later versions (>14.19-1) of anaconda the --noverifyssl flag was added which I'm pretty sure would solve my problem.



My question really boils down to,

- Can I somehow add our rootca to the CA anaconda is looking in, or make it validate our certs in some other way ?
















Patrik Martinsson

ITi



SMHI

Telefon 011-4958417 Fax 011-4958350

Mobil 011-4958417 Epost patrik.martinsson@smhi.se

601 76 Norrköping Besöksadress Folkborgsvägen 1

www.smhi.se





_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list

On 12/30/2010 02:42 PM, Patrik Martinsson wrote:

Hello Everybody,

I'm curious about the ssl-verification when using an https-address for
the repo-option in kickstart.
When I'm trying to use https I get the result "Peer cert cannot be
verified or peer cert invalid" in the debug output from anaconda.

I know the cert is valid, but I guess it cant be verified against the CA
anaconda is using ?
I noticed in later versions (>14.19-1) of anaconda the --noverifyssl
flag was added which I'm pretty sure would solve my problem.

My question really boils down to,
- Can I somehow add our rootca to the CA anaconda is looking in, or make
it validate our certs in some other way ?


Hi,

You can add your own CA in kickstart as Marko described here:
https://bugzilla.redhat.com/show_bug.cgi?id=599040#c0

Ales

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list