Score:1

RHEL 8 Registration Failed: SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED

cn flag
Joe

I am trying to stand up a minimal RHEL 8 server on VMware Fusion with RHEL Developer creds. When I attempt to run the command:

subscription-manager register --username my_username --password my_password

I receive the following error:

Unable to verify server's identity: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legace renegotiation disabled (_ssl.c:897)

I am assuming this is because my organization is performing SSL inspection and breaking the cert. I have gone to the config file "/etc/rhsm/rhsm.conf" and changed the insecure flag to "1" (which is supposed to disable certificate verification)

Not sure what I am doing wrong here. Any thoughts on what else I need to do to get this to go through??

Score:0
id flag

It looks like your crypto-policy may be set to future. If you set it back to the default, you should be able to successfully register your RHEL 8 system.

https://access.redhat.com/articles/3666211#how-do-you-use-crypto-policies-5

Score:0
cm flag

You likely need to lower your system's crypto policy to LEGACY:

update-crypto-policies --set LEGACY

Consider creating your own policy to better match your environment.

Update:

https://access.redhat.com/solutions/5473501

What does curl -v https://subscription.rhsm.redhat.com/subscription/ --cacert /etc/rhsm/ca/redhat-uep.pem yield? If your org does TLS inspection as you say, try adding your MITM device's CA cert to RHSMs config:

  • Place the cert in /etc/rhsm/ca/your-org.pem
  • Set RHSM to use it (in /etc/rhsm/rhsm.conf):
[rhsm]
repo_ca_cert = /etc/rhsm/ca/your-org.pem
Joe avatar
cn flag
Joe
I ran this command and rebooted the server but I am still getting the same error
cm flag
Review the crypto policy settings. You should be able to activate insecure renegotiation with a custom policy.
cm flag
I've updated my answer
Joe avatar
cn flag
Joe
Thanks for the update. I tried this but now I am getting an error that there is a self signed cert in the chain. Although I am pretty sure my org's cert is not self signed
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.