Oracle Yum Servers Root CA sha1

Sven Jansen

    Today i stumbled over this Post from Redhat about the new system wide encryption policys in RHEL 8. I tried using it on Oracle Linux 8 beta and found it to be unusable because the Yum Servers doesn't Support higher encryption.

     

    [root@ol8beta /]# update-crypto-policies --set FUTURE

    Setting system policy to FUTURE

     

    [root@ol8beta /]# yum module install -y httpd

    ...

    Total download size: 169 k

    Installed size: 351 k

    Downloading Packages:

    [MIRROR] mod_ssl-2.4.35-6.0.1.el8+5026+822cb0ad.x86_64.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://                                                                                                          yum.oracle.com/repo/OracleLinux/OL8/beta/x86_64/getPackage/mod_ssl-2.4.35-6.0.1.el8+5026+822cb0ad.x86_64.rpm [SSL certificate problem: CA certificate key too weak]

    [FAILED] mod_ssl-2.4.35-6.0.1.el8+5026+822cb0ad.x86_64.rpm: No more mirrors to try - All mirrors were already tried without success

     

    https://yum.oracle.com/repo/OracleLinux/OL8/beta/x86_64/

    Looks like Digicerts SHA-1 is the problem, Oracle's own ECC/SHA384 Cert looks good for me. I hope this get fixed or replaced by another Root CA when Oracle Linux 8 is released.