15

When trying to run any rpm command I get the following error. I am not sure why I am getting a curl error, but I have tried many different options, which have all failed.

Running CentOS7 and behind a proxy

[root@CentOS7]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
error: skipping https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - transfer failed

So I ran a check as per a website that I think worked.

[root@CentOS7]# curl -k https://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>

I am behind a proxy and ran the export command.

export https_proxy=https://USERNAME:PASSWORD@my.proxy.com:8080/

My question(s) are:

  1. What is the equivalent of curl -k to rpm?

  2. Is there a curl.config somewhere I can tell curl to not check for SSL certs? I have read this is a bad idea, but I have tested the two repos on a different server that did not give me the error, also not behind the proxy.

  3. I'm not exactly sure of the relationship of rpm to curl, but I am assuming because I am getting a curl error that curl is the one giving the error?

I did RTM for both rpm and curl and cannot figure out what needs to be done. I did read somewhere I need to import the keys or something, but I'm not sure what I am supposed to be doing there either.

Anthony Fornito
  • 1
    Why don't you just `yum install epel-release`? You should not need to download this manually. – Michael Hampton Oct 25 '16 at 14:34
  • [root@CentOS7]# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm Loaded plugins: fastestmirror Cannot open: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm. Skipping. Error: Nothing to do – Anthony Fornito Oct 25 '16 at 14:35
  • What is that all about? – Michael Hampton Oct 25 '16 at 14:43
  • That was the output I got from simply running yum install epel-release, it cut off the beginning of the https part but it threw that error – Anthony Fornito Oct 25 '16 at 15:03
  • That doesn't look like you ran `yum install epel-release`. It looks like you pasted in a URL instead. Try again. – Michael Hampton Oct 25 '16 at 15:05
  • Ahh I see what you mean, sometimes you have to explain like I'm 5, so if I run "yum install epel-release" I am getting this error "One of the configured repositories failed (Unknown)," the answer below installed the repo just FYI – Anthony Fornito Oct 25 '16 at 15:09
  • Yes, that will work, but you've almost certainly still got problems to fix, instead of just working around them as shown below. – Michael Hampton Oct 25 '16 at 15:21
  • Ohh I forgot, also one other thing I had to do to get this to work right was to add "sslverify=0" to the bottom of the repo containers (think that is what they are called) and that got rid of the "One of the configured repositories failed (Unknown)," error – Anthony Fornito Oct 25 '16 at 19:41
  • That will work, but it's obviously dangerous and not suitable for production. I wouldn't even do it in a test. Better to figure out where the problem is coming from, and fix it for real. – Michael Hampton Oct 25 '16 at 19:42

1 Answer

16

What you would need to do is:

wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

If you still get an SSL warning try:

wget --no-check-certificate https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Then you can

rpm -Uvh epel-release-latest-7.noarch.rpm

Which should show up here:

ll /etc/yum.repos.d
Joe Morgan
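
Added example, not part of the original posts or of yum itself: the comments mention adding `sslverify=0` to the repo files, and this shell function lists the repo sections where that setting is still in place, noting when `gpgcheck` is switched off in the same section. The function names and the sample repo file are constructed for illustration.

```shell
#!/bin/sh
# audit_repos FILE...: print one line per section that disables sslverify.
# Only values written in the section itself are read; values inherited
# from [main] in yum.conf are not resolved.
audit_repos() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            # yum accepts 0/false/no (any case) as "off"
            function off(v) { v = tolower(v); return (v == "0" || v == "false" || v == "no") }
            function report() {
                if (sec != "" && ssl_off)
                    printf "%s [%s] %s\n", file, sec, (gpg_off ? "sslverify and gpgcheck disabled" : "sslverify disabled")
            }
            /^[ \t]*[#;]/ { next }                 # skip comment lines
            /^[ \t]*\[/ {                          # new [section]
                report()
                sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec)
                ssl_off = 0; gpg_off = 0; next
            }
            {
                n = index($0, "="); if (!n) next
                key = substr($0, 1, n - 1); val = substr($0, n + 1)
                gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
                if (key == "sslverify") ssl_off = off(val)
                if (key == "gpgcheck")  gpg_off = off(val)
            }
            END { report() }
        ' "$f"
    done
}

# Demo on a constructed repo file (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/epel.repo" <<'EOF'
[epel]
name=Extra Packages (constructed sample)
gpgcheck=1
sslverify=0
[epel-debuginfo]
gpgcheck = 0
sslverify = False
[epel-source]
gpgcheck=1
EOF
    audit_repos "$d"/*.repo
    rm -rf "$d"
}
demo
```

On a real host, run `audit_repos /etc/yum.conf /etc/yum.repos.d/*.repo`. If the proxy re-signs TLS with its own CA (an assumption; the thread does not confirm it), placing that CA certificate in `/etc/pki/ca-trust/source/anchors/` and running `update-ca-trust extract` lets verification succeed, so the flagged lines can be removed.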