RHEL 8 Registration Failed: SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED

Question

I am trying to stand up a minimal RHEL 8 server on VMware Fusion with RHEL Developer creds. When I attempt to run the command:

subscription-manager register --username my_username --password my_password

I receive the following error:

Unable to verify server's identity: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legace renegotiation disabled (_ssl.c:897)

I am assuming this is because my organization is performing SSL inspection and breaking the cert. I have gone to the config file "/etc/rhsm/rhsm.conf" and changed the insecure flag to "1" (which is supposed to disable certificate verification)

Not sure what I am doing wrong here. Any thoughts on what else I need to do to get this to go through??

Answer 1

You likely need to lower your system's crypto policy to LEGACY:

update-crypto-policies --set LEGACY

Consider creating your own policy to better match your environment.

Update:

https://access.redhat.com/solutions/5473501

What does curl -v https://subscription.rhsm.redhat.com/subscription/ --cacert /etc/rhsm/ca/redhat-uep.pem yield? If your org does TLS inspection as you say, try adding your MITM device's CA cert to RHSMs config:

• Place the cert in /etc/rhsm/ca/your-org.pem
• Set RHSM to use it (in /etc/rhsm/rhsm.conf):

[rhsm]
repo_ca_cert = /etc/rhsm/ca/your-org.pem

Answer 2

It looks like your crypto-policy may be set to future. If you set it back to the default, you should be able to successfully register your RHEL 8 system.

https://access.redhat.com/articles/3666211#how-do-you-use-crypto-policies-5