3 Replies Latest reply on May 18, 2019 10:56 AM by Sven Jansen

    Oracle Yum Servers Root CA sha1

    Sven Jansen

      Today i stumbled over this Post from Redhat about the new system wide encryption policys in RHEL 8. I tried using it on Oracle Linux 8 beta and found it to be unusable because the Yum Servers doesn't Support higher encryption.

       

      [root@ol8beta /]# update-crypto-policies --set FUTURE

      Setting system policy to FUTURE

       

      [root@ol8beta /]# yum module install -y httpd

      ...

      Total download size: 169 k

      Installed size: 351 k

      Downloading Packages:

      [MIRROR] mod_ssl-2.4.35-6.0.1.el8+5026+822cb0ad.x86_64.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://                                                                                                          yum.oracle.com/repo/OracleLinux/OL8/beta/x86_64/getPackage/mod_ssl-2.4.35-6.0.1.el8+5026+822cb0ad.x86_64.rpm [SSL certificate problem: CA certificate key too weak]

      [FAILED] mod_ssl-2.4.35-6.0.1.el8+5026+822cb0ad.x86_64.rpm: No more mirrors to try - All mirrors were already tried without success

       

      https://yum.oracle.com/repo/OracleLinux/OL8/beta/x86_64/

      Looks like Digicerts SHA-1 is the problem, Oracle's own ECC/SHA384 Cert looks good for me. I hope this get fixed or replaced by another Root CA when Oracle Linux 8 is released.