SSL peer rejected your certificate as expired

Known Issues Azure
1

Affected Products:

  • All ProComputers RHEL 7 images in Azure that includes rhui-azure-rhel7 package version 2.2-222 and earlier.

Opened: 2023-02-27

Severity: 2-Minor

Symptoms:
Starting with February 24th 2023, 18:41:11 GMT, in all affected RHEL 7 VM images, the Azure RHUI (Red Hat Update Infrastructure) is not reachable anymore, and the yum command fails with error “SSL peer rejected your certificate as expired.”.

[root@test-rhel79-vm ~]$ sudo yum update
Loaded plugins: search-disabled-repos
openlogic | 2.9 kB 00:00:00
rhui-microsoft-azure-rhel7 | 2.1 kB 00:00:00
https://rhui-https://rhui-1.microsoft.com/pulp/repos//content/dist/rhel/rhui/server/7/7Server/x86_64/dotnet/1/os/repodata/repomd.xml: [Errno 14] curl#58 - “SSL peer rejected your certificate as expired.”
[…]

This is due to the fact that the Azure RHUI certificate in the rhui-azure-rhel7-2.2-222.noarch package has expired. You can see the certificate expiration date with the command below:

[root@test-rhel79-vm ~]$ sudo openssl x509 -in /etc/pki/rhui/product/content.crt -startdate -enddate -noout
notBefore=Feb 24 18:41:11 2021 GMT
notAfter=Feb 24 18:41:11 2023 GMT

Solution:
To go around this issue, you need to manually update the rhui-azure-rhel7 package using the commands below:

  1. Remove the existing rhui-azure-rhel7 package

[root@test-rhel79-vm ~]$ sudo yum remove rhui-azure-rhel7
[…]

  1. Install the new rhui-azure-rhel7 package

[root@test-rhel79-vm ~]$ sudo yum --config=‘https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel7.config’ install ‘rhui-azure-rhel7’
[…]

  1. Check the version of the new installed rhui-azure-rhel7 package

[root@test-rhel79-vm ~]$ sudo rpm -qa | grep rhui
rhui-azure-rhel7-2.2-441.noarch

  1. Check the expiration date of the certificate in the new installed rhui-azure-rhel7 package

[root@test-rhel79-vm ~]$ sudo openssl x509 -in /etc/pki/rhui/product/content.crt -startdate -enddate -noout
notBefore=Feb 14 06:54:16 2023 GMT
notAfter=Feb 13 06:54:16 2025 GMT

The new installed rhui-azure-rhel7-2.2-441.noarch package contains a new certificate that expires on February 13 2025, 06:54:16 GMT.

If you still face the same issue, please contact ProComputers Support as instructed in this article.