Score:0

How do I update a very old CentOS release (6.2) where yum won't work at all because of outdated openssl certificates?

cn flag

I have an old CentOS 6.2 machine and need to update a few packages on it (or many packages, I suppose).

However I can't do anything with yum because even after changing the repos to vault.centos.org, yum spits out this error whenever attempting to download any packages:

[Errno 14] problem making ssl connection

The usual solutions to this error are "update openssl or certificate bundles" but of course I can't do that because that requires yum.

I have already tried using sslverify=0 in the repo file and sslverify=false in yum.conf to no avail.

Is there a manual way I can update these so I can start using yum again?

Score:1
gy flag

I faced the same problem on a CentOS 6.6, and the solution that I found was:

  1. Use mirrors provided by linuxsoft.cern.ch., i.e. replacing "baseurl=https://mirror.centos.org..." by "baseurl=https://linuxsoft.cenr.ch..." in your /etc/yum.repos.d/CentOS-Base.repo. Be sure to use CentOS 6.10 mirror !
  2. update openssl nssm curl (yum update ...)
  3. You can switch back to vault.centos.org in your /etc/yum.repos.d/CentOS-Base.repo.

Source: https://www.mark-gilbert.co.uk/fixing-yum-repos-on-centos-6-now-its-eol/

HBruijn avatar
in flag
It bears repeating that CentOS 6 is end-of-life and has been for years. Any maintenance effort is probably wasted because any "updates" you install only offer something slightly less out-of-date than what you have already been neglecting to update for years and still won't make your system any less legacy.
KoolKat-Bytes avatar
gy flag
My comment was a litte try to help the community. I totally agree with you ! But I have a client that is not yet ready to upgrade to a "modern" distro ...
Score:1
in flag

Most likely the certificate is not the problem but the supported TLS versions of the used SSL/TLS library. vault.centos.org for example is TLS1.2 only and your OS by default only supports TLS 1.0.

Therefore even disabling certificate checking won't help as the error is on protocol level.

I see two possible solutions:

  1. Dowload the rpm packages of yum and it's dependencies manually on a different computer transfer them e.g. via USB Stick to the CentOS machine and there manually install them
  2. If you have a seconds PC in your network with a newer OS install mitmproxy on it and on the CentOS machine use it as proxy. Install the mitmproxy root CA certificate or disable certificate checking. Mitmproxy should be able to translate the TLS versions so that yum can again connect to an update server.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.