"Peer cert cannot be verified or peer cert invalid"
If you get an error similar to this for one of the XML files that yum tries to fetch:
[Errno 14] Peer cert cannot be verified or peer cert invalid
Try this first:
- Try opening the XML file in your local browser and inspect whether the certificate passes.
- The cert is fine, does it pass on your server? (Probably not, but try curl):
If this fails, but your browser can show the XML file just fine, you have isolated the problem to your OP5 server, and it's likely that you have an out of date CA bundle. Inspect the following folder:
# ls -la /etc/pki/tls/certs/
Look for a file ending in "rpmnew", and/or files that look outdated. An example of this would be these two files:
-rw-r--r-- 1 root root 441017 Jan 20 2010 ca-bundle.crt
-rw-r--r-- 1 root root 754217 Feb 28 2018 ca-bundle.crt.rpmnew
The first file should have been replaced, but for some reason it wasn't. Move it somewhere else (/root for example), rename the rpmnew file and reload:
# cd /etc/pki/tls/certs
# mv ca-bundle.crt /root
# mv ca-bundle.crt.rpmnew ca-bundle.crt
You may need to update keys manually (404 Not Found)
If you run into the following error message when trying to perform a yum update:
Retrieving key from http://linux.dell.com/repo/hardware/latest/RPM-GPG-KEY-dell
GPG key retrieval failed: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
You may need to add these keys manually using the following commands:
rpm --import https://linux.dell.com/repo/pgp_pubkeys/0x1285491434D8786F.asc
rpm --import https://linux.dell.com/repo/pgp_pubkeys/0x756ba70b1019ced6.asc
rpm --import https://linux.dell.com/repo/pgp_pubkeys/0xca77951d23b66a9d.asc
After this, you can issue your yum update again.