Forum Stats

  • 3,817,238 Users
  • 2,259,294 Discussions


Oracle Yum Servers Root CA sha1

Sven Jansen
Sven Jansen Member Posts: 16 Green Ribbon
edited May 18, 2019 6:56AM in Oracle Linux and UEK Preview

Today i stumbled over this Post from Redhat about the new system wide encryption policys in RHEL 8. I tried using it on Oracle Linux 8 beta and found it to be unusable because the Yum Servers doesn't Support higher encryption.

[[email protected] /]# update-crypto-policies --set FUTURE

Setting system policy to FUTURE

[[email protected] /]# yum module install -y httpd


Total download size: 169 k

Installed size: 351 k

Downloading Packages:

[MIRROR] mod_ssl-2.4.35-6.0.1.el8+5026+822cb0ad.x86_64.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://                                                                                                 [SSL certificate problem: CA certificate key too weak]

[FAILED] mod_ssl-2.4.35-6.0.1.el8+5026+822cb0ad.x86_64.rpm: No more mirrors to try - All mirrors were already tried without success

Looks like Digicerts SHA-1 is the problem, Oracle's own ECC/SHA384 Cert looks good for me. I hope this get fixed or replaced by another Root CA when Oracle Linux 8 is released.