Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 04-25-2017, 06:23 PM   #1
Registered: Feb 2003
Distribution: Fedora {latest}
Posts: 566

Rep: Reputation: 40
Question DNF curl: (60) Peer certificate cannot be authenticated with known CA certificates

I'm on brand new install of Fedora 25 server.
I'm behind corporate proxy that requires authentication (username/password).
I can't figure out why DNF won't connect to the sites whereas curl (seemed ) to have no problem.

The error I'm getting is
dnf -v check-update
cannont download "https://mirrors.<blah>': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with known CA certificates for https://mirrors.fedoraproject<blah-blah> [Peer's Certificate issuer is not recognized.]
Error: Failed to synchronize cache for repo 'updates'
at the same time if I run :
curl -v --X http://<proxyuser>:<proxy_pass>@proxy_ip:port > page.html
I'm getting through and able to download the html page.

what I have done so far:
1. I appended /etc/dnf/dnf.conf with:
2. Obtained the CA certificate for the proxy and added it into /etc/pki/ca-trust/source; followed with "update-ca-trust extract"
3. compared the date/time with the network - close to a minute despite not running ntpd

still dnf is unable to get the list.

any leads will be very much appreciated.

hmmm.. the curl isn't getting the page ( from a website) if I specify httpS protocol. but works fine if I specify http protocol. DNF makes requests on httpS too.

Last edited by DBabo; 04-25-2017 at 06:47 PM.
Old 04-26-2017, 03:23 PM   #2
Registered: Feb 2003
Distribution: Fedora {latest}
Posts: 566

Original Poster
Rep: Reputation: 40
I'm marking as resolved.
Solution was to get "oh , great" SA to review proxy policies _carefully_ and get the curl to use the CA and NTLM authentications. In short - nothing interesting.


certificate, curl, dnf

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
cURL error 60: Peer certificate cannot be authenticated with known CA certificates DanTheMan-NL Red Hat 3 08-07-2015 06:04 PM
[SOLVED] Curl certificates mlpa Slackware 2 04-10-2012 08:28 AM
Creating certificate authenticated user elmidwill Linux - Newbie 1 08-20-2010 12:08 AM
curl certificates being refused, possible filepath issue JDska55 Linux - Newbie 3 07-13-2009 08:18 PM
Can Linux connect to a Certificate-authenticated network? J_K9 Linux - General 6 11-27-2005 03:00 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:58 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration