I am trying to install the .net Core SDK 2.0.0 on Centos 7 following the directions in ".NET Tutorial - Hello World in 5 minutes".
When I ran the first command
sudo rpm --import I got this error:
curl: (60) Peer's Certificate issuer is not recognized.
More details here:
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
error: import read failed(2)I am behind a corporate proxy, and it seems this error is related to SSL certificate and curl, but I don't know how to fix it.
Also, I get a similar error when I use curl or wget to download the HTTPS URL.
6 Answers
I had the same issue and then just temporary turned off SSL check and installed the packages. But please be warned that this is bypassing a security measure so use with caution.
sudo vi /etc/yum.conf And then on the editor just add the following line
sslverify=false 2 Finally fixed it. Post the answer here as reference.
- Export company trusted root certificate with .cer extension. Somthing naming external root certificate
- Convert the ca file to .pem file using
openssl x509 -in xxx.cer -inform der -outform pem -out xxx.pem
Then on the centos 7 os:
Install the ca-certificates package: yum install ca-certificates
Enable the dynamic CA configuration feature: update-ca-trust force-enable
Add the exported pem files to /etc/pki/ca-trust/source/anchors/
Use command: update-ca-trust extract
References:
3You can simply do:
wget --no-check-certificate
rpm --import microsoft.asc 1 cd /etc/pki/ca-trust/extracted/pem
mv tls-ca-bundle.pem tls-ca-bundle.pem.back
wget --no-check-certificate
mv cacert.pem tls-ca-bundle.pem 4 The self-signed SSL certificate I was using had expired so on Cent OS 7 I run the command below, but increased the days from -days 365 to -days 1400, which is approximately a 4 year guarantee.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crtYou can find more information in "How To Create an SSL Certificate on Apache for CentOS 7".
1Check if your server has valid proxy settings.
1